What is the appropriate protocol for handling confidential client information in email?

• A. It's okay to email unencrypted if password-protected.
• B. Share PII with colleagues through group email without verification.
• C. Copy and paste into any email when you forget to encrypt.
• D. Use secure, encrypted emails when sharing PII, avoid sending sensitive info in plain text, and verify recipient.

Answer: (D)

Protecting client privacy when sharing information via email hinges on using secure, encrypted channels and confirming the right recipient. When PII is sent through encrypted mail, the content remains protected from interception, which is essential for confidentiality and compliance. Verifying the recipient before sending further reduces the risk of accidentally disclosing information to the wrong person.

Why other approaches fail: sending unencrypted email—even with a password—can still be exposed if the password is shared or compromised, and many systems don’t make password protection robust enough. Sharing PII in a group email distributes sensitive data to people who may not need it, increasing exposure. Copying and pasting sensitive information into plain text bypasses any protective encryption entirely, creating an easy path for data leakage.