The protection of personal or sensitive data requires "appropriate technical and organisational measures to ensure a level of security appropriate to the risk".
In addition to being hosted on an infrastructure that complies with ISO 27001, ISO 50001 and HADS standards, BlueFiles allows you to secure your outgoing data in accordance with CNIL recommendations.

Raising user awareness (cf: SHEET 1 CNIL GUIDE)

This is not a trivial task and to raise awareness the tool must be designed for this purpose :

  • When using a function that allows a document to be sent without authentication for the recipient, they must be told every time (awareness is repetition) that they are taking a risk and that, in this context, this sending does not comply with HDS certification or ISO 27001 certification.
  • The tool must meet modern / user friendly ergonomics to make users adhere to the use of strong authentication without the feeling of performing a complex operation. BlueFiles has a full web html5 responsive interface, an Outlook add-in and a dedicated api for automated uploads to simplify use as much as possible.

Authenticate users (cf: SHEET 2 CNIL GUIDE)

Management of shared accounts : if your users/departments use shared accounts on your current solution without proper identification it is simply forbidden for health and personal data (see sheet 2). As this service is very useful and often structuring for a specific organization, BlueFiles allows you to manage shared accounts in compliance with the law with each user's own identifier (even if they don't have their own email box).

Does your current solution allow users (sender and recipient) to :

  • Set up a two-factor authentication (by TOTP)
  • Force a strong authentication (2 factors) for a given sending

Securing exchanges with other organizations (cf: SHEET 14 – CNIL GUIDE)

Electronic messaging is not a secure means of communication for transmitting personal data without additional measures.

What are the risks?

Because of their lifespan, data can have a very high market value, such as health data. (https://healthcare.orange.com/fr/dossiers/securite-des-donnees-de-sante/)

Hacking/leakage (voluntary or not) : Following the above-mentioned recommendations, i.e. authentication (strong authentication) essential for all users, restricted passwords, permanent awareness, solid and standardised hosting are the only acceptable answers. Ignoring them means facing very high risks/costs.

GAFAM : 
The ONLY technological response to the appetite of GAFAM (and Asians) is end-to-end encryption (with strong authentication) and BlueFiles offers it hosted in France on an HDS server, in compliance with all the CNIL guide sheets and in a user-friendly manner. Deploying end-to-end encryption is not a simple precautionary principle; it is an obligation for data controllers, who can do so for sensitive, health or personal data.
(cf [SHEET 14 CNIL GUIDE] – section going further « The use of public key algorithms, when the various players have set up a public key management infrastructure, appears particularly suited to guarantee the confidentiality and integrity of communications, as well as the authentication of the issuer. »)

Email without PGP or S/MIME encryption (see article on PGP - S/MIME) is no longer acceptable for transferring sensitive or personal data, so you must use a file transfer solution suitable for this purpose. Synchronized folder solutions that allow sharing by link with or without a password to be transmitted by email do not provide sufficient guarantees of confidentiality and recommended authentication.

Conclusion

With BlueFiles, each transmission takes a technological leap forward in terms of regulatory compliance by using the latest generation end-to-end encryption (RSA OAEP PSS) on an HDS platform with awareness at each stage, strong authentication, logged access, transmission report and acknowledgement of receipt.

cancel
* Required

Loging-in, please wait.

* Required