Sophie asks a very important and pertinent question (which I’ve slightly edited for brevity):
A question regarding the safety of couples sending digital copies of their ID via email or within a system like Dubsado.
A groom works in IT and raised concern when I asked him to send through copies of their ID to draft their NOIM. I replied saying that I thought uploading their docs via a form in Dubsado would be safe.
He replied ‘In regards to the Dubsado application or other applications with securing sensitive documents/data, I’m in IT and have been involved in data breach incidents. All applications and back end data need to follow ISO 27001 standards, so hopefully Dubsado are complying. Part of the standard is that these documents provided are extremely sensitive and should not be emailed and secured within the application. Data travelling via networks (internet) needs to be encrypted, and not all email accounts or tools do this. Hence why I shared the documents/data via a shared drive for you to sight the files only, then I delete.
I informally recommend not to save these documents/data within the application, unless they are fully encrypted, or deleted 6-12 months after the ceremony. Especially not to save this data on your desktop or email account, and NEVER click on an email or link you don’t know the recipient.’
Wondering what you guys know and think of this? I should probably contact Dubsado directly too, but at times have had couples email and even text me through pics of their ID – is it way too risky and should I use Skype/FaceTime aka ‘real time’ to never run into the issue? Obviously receiving a pic is a lot more convenient most of the time!
Your groom isn’t wrong, Sophie. Data security and privacy are important to understand, and you need to know whether you are
- transferring data securely
- taking on a liability by holding on to data
The problem with your groom’s comments is that he’s not a marriage celebrant, so we need to meet somewhere in the middle, somewhere in-between high data security standards, privacy laws, the marriage law and advice, and something that actually works.
Secure transmission and holding of data
When we talk about transmission of data we’re talking about getting it from one place to another.
An example using this very article
For example, this article was created and stored on my computer, then I transmitted it to the website so you could transmit it to your computer to read it. In that transaction there are two transmissions of data and three holdings of data. The first transmission is from Ulysses on my Mac to WordPress on the WPEngine server. The second is from WPEngine’s server to the web browser on your device, because when you view content from the internet you’re not viewing it “on the internet”, you are downloading it to your device and viewing it there. The holdings of the data are, as discussed, in Ulysses on my Mac, in WordPress on WPEngine’s servers, and in your web browser cache.
So if someone stole this article and published it on their own website, I could look at the transmissions, and whether they were secure, and then at the holdings of the data, and how secure they are. Intercepting a TLS connection (formerly called SSL, the little padlock when you view a website) is pretty hard as long as both ends check the certificate properly, so it’s likely the thief either accessed my computer (hard), accessed your device and trawled through your web browser cache (hard but possible), or simply viewed the website on the public internet using one of your logins or by paying the membership fee and accessing it that way (highly likely).
An example using a PDF of a passport
If you receive PDFs of passports from a client, for example, there are at least three transmissions of data and at least five holdings of data.
The couple scan the passport on their home scanner. Maybe this uploads the scans to Dropbox like mine does, or it scans to the computer’s hard drive: holding number one. The couple then attach it to an email to you on the same computer: holding number two, and it hasn’t even left the computer yet. The email is sent (transmission number one) to their own email sending server (an SMTP server), and a copy lands in their sent mail folder on their IMAP server (holding number three). Their email server sends it across the internet to your email receiving server (transmission number two), which stores it in your inbox (holding number four), and then your device connects to your IMAP server and downloads it to your computer or phone (transmission number three, holding number five). Maybe it downloads to your phone and your laptop, and maybe your partner’s computer if you also have your email there. So many holdings, so many transmissions. This kind of sprawl is what made email such a liability for Hillary Clinton’s presidential campaign.
How do we transmit and hold data securely?
To transmit data securely, it’s mostly about reducing the number of points of intrusion. It’s just like securing your home: the fewer external doors and windows you have, the fewer doors and windows you need to secure. But like a house, you also need to consider whether the thief could simply lift a roof tile and enter that way if everything else is so secure.
1- Reduce the number of points of entry
Email has many points of entry, but if every mail server along the path encrypts its connections with TLS (STARTTLS between servers), then it’s generally ok. A good way to find out whether your own mail server does is to run the tests at https://www.checktls.com; note that this tests the connection to your server, not how the server stores your mail once it arrives, nor the couple’s side of the journey. And if the servers are secure, you just need to make sure that your email storage, on your phone or computer, is also secure.
If you’re asking people to upload PDFs of their ID to a server, how accessible is that server? I’m waiting on Dubsado to respond to this question, but you need to ask the same of any system you use, whether it’s Dropbox, or Tave, 17Hats, or Studio Ninja.
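As an added example (it is not from this article, and not Dubsado’s or checktls.com’s code), here is a short Python script that reads the Received: headers of an email you have already been sent and lists each transmission and holding from the passport walk-through above, flagging any leg that the receiving server did not record as a TLS session. The message, hostnames and addresses in it are constructed for the example using documentation-reserved names, not real servers.

```python
"""Walk the Received: headers of an email to list every transmission and
holding it went through, and flag the hops that were not encrypted.

Added illustration for this article, not code from the page or from any
vendor mentioned in it. The message below is constructed: the hostnames and
addresses are documentation-reserved examples, not real servers.
"""
import email
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: couple's laptop -> their ISP's submission server (TLS)
# -> celebrant's MX (TLS) -> celebrant's IMAP store (plain ESMTP, no TLS).
SAMPLE_MESSAGE = """Received: from mx.celebrant.example (mx.celebrant.example [192.0.2.20])
 by imap.celebrant.example with ESMTP id 3333; Tue, 1 Jan 2019 10:00:05 +0000
Received: from smtp.couple-isp.example (smtp.couple-isp.example [198.51.100.7])
 by mx.celebrant.example with ESMTPS id 2222
 (version=TLS1_2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256);
 Tue, 1 Jan 2019 10:00:03 +0000
Received: from couple-laptop.lan (203.0.113.5)
 by smtp.couple-isp.example with ESMTPSA id 1111; Tue, 1 Jan 2019 10:00:01 +0000
From: Bride <bride@couple-isp.example>
To: Sophie <sophie@celebrant.example>
Subject: Passport scans for the NOIM

Scans attached as discussed.
"""

# "with" keywords that mean the receiving server recorded a TLS session
# (trailing S = secure, A = authenticated, per RFC 3848; not exhaustive).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "SMTPS", "UTF8SMTPS", "UTF8SMTPSA"}
HOP_RE = re.compile(
    r"\bfrom\s+(?P<src>\S+).*?\bby\s+(?P<dst>\S+).*?\bwith\s+(?P<proto>[A-Za-z0-9]+)",
    re.IGNORECASE,
)
TLS_VERSION_RE = re.compile(r"version=(?P<version>TLS[\w.]+)")


@dataclass
class Hop:
    src: str                    # host the message came from
    dst: str                    # server that received it (a new holding)
    proto: str                  # transport keyword the receiver wrote down
    encrypted: bool             # was this leg protected by TLS?
    tls_version: Optional[str]  # version, if the receiver recorded one


def parse_hops(raw_message: str) -> list[Hop]:
    """Return the hops in chronological order (oldest first).

    Each receiving server prepends its own Received: line, so the header
    order is newest-first; we reverse it to follow the message's journey.
    """
    msg = email.message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received") or []):
        text = " ".join(str(value).split())  # unfold continuation lines
        m = HOP_RE.search(text)
        if not m:
            continue  # non-standard trace line; nothing to learn from it
        proto = m["proto"].upper()
        v = TLS_VERSION_RE.search(text)
        hops.append(Hop(m["src"], m["dst"], proto,
                        proto in TLS_PROTOCOLS or v is not None,
                        v["version"] if v else None))
    return hops


def holdings(hops: list[Hop]) -> list[str]:
    """Every host that held a copy: the origin plus each receiving server."""
    hosts = [hops[0].src] if hops else []
    for h in hops:
        if h.dst not in hosts:
            hosts.append(h.dst)
    return hosts


def cleartext_hops(hops: list[Hop]) -> list[Hop]:
    """The legs where the receiver did not record TLS: ID scans went in the clear."""
    return [h for h in hops if not h.encrypted]


def report(raw_message: str) -> str:
    hops = parse_hops(raw_message)
    lines = [f"{len(hops)} transmissions, {len(holdings(hops))} holdings"]
    for i, h in enumerate(hops, 1):
        status = (f"TLS ({h.tls_version or 'version not recorded'})"
                  if h.encrypted else "CLEARTEXT")
        lines.append(f"  {i}. {h.src} -> {h.dst} via {h.proto}: {status}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_MESSAGE))
```

Two caveats before trusting the output. Each Received: line is written by the server that accepted the message, so anything upstream of you could forge or omit lines, and the trail says nothing about how each server stores the mail once it has it, or about the copies on phones and laptops, which is exactly the holdings problem above. It is also after the fact: it tells you which legs of a message you already have were in the clear, whereas the checktls.com tests tell you in advance whether your own server will insist on TLS.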
2- Secure the house
Once you’ve identified any weaknesses in your data sending and receiving, it’s time to look at where you hold data.
Start by identifying exactly physically where your data is stored. Is it on an external hard drive, or is it in your laptop? Is it on your laptop, but you also backup to an external hard drive? Do you print it out and store it in an inbox tray on your desk?
Once you’ve identified all the places you are storing data, digitally or physically, ask how easy it is for other people to access it. If it’s all in your office, is your office locked, or is your house locked, and who has access to it? Are the hard drives encrypted (FileVault on a Mac, BitLocker on Windows)? Do you have strong access control on your devices, like FaceID on your iPhone or TouchID on your Mac? Is your password your child’s name?
The simple thing we’re trying to eliminate is people accessing the data, either remotely or by walking into your house and taking it.
3- Ditch what you don’t need to hold
If you only need to sight a passport, simply sight it. But if you need to hold onto information, like the official certificate of marriage, then hold on to it. The important thing is knowing what you need to hold onto.
4- What about our obligations as a marriage celebrant
As celebrants we are required to hold onto any and all appropriate marriage paperwork until we submit it to the BDM. This one is obvious because it’s kind of hard to submit documents you don’t have. But once you’ve submitted them, what next? I typically hold onto the documents until I know the registration is processed. But the AG office will also tell you that there’s a requirement to hold onto the official certificate of marriage for six years.
We, however, have zero, and I mean zero, requirement to hold on to passports, birth certificates, divorce paperwork, or any other private data. So if we’re not required to hold onto them, I would strongly suggest you do not, if only because data you don’t have is data that can’t be stolen from you. If you are holding onto data, that data is a liability hanging over your head until the day it’s deleted or stolen.
5- Can we just view the documents instead of holding them?
You can 100% sight a document like a passport or birth certificate and not hold onto a copy (or the original), but in an online environment this is a little more difficult.
Can I receive documents electronically? Yes. Marriage documents including the Notice of Intended Marriage (the Notice) and original supporting documents, such as passports (scanned original not certified copies), birth certificates (scanned original not certified copies) and divorce certificates (scanned original or certified copies), can be provided to a celebrant in electronic form. A scanned copy of an original Commonwealth statutory declaration can also be provided to a celebrant. ‘Electronic form’ includes an email (scanned), text messaging a photo of the document, or facsimile; but does not include videoconferencing such as Skype.
Just in case you missed that: email is ok, text messaging is ok, fax is ok, Skype or videoconferencing is not ok.
Why can’t we video conference and why is uploading to Dubsado or email ok?
One of the requirements of the Electronic Transactions Act is that a document be readily accessible for subsequent use. As videoconferencing is not a physical transfer of information, like a scan, a photo by text message, facsimile or email, with the ability to store documents, it cannot be readily ‘accessed’ for future reference. While the ETA allows for the electronic form of a document to be produced, it must maintain the integrity of the document.
So as much as Skype would completely reduce the liability for securely transmitting and holding onto data, it doesn’t leave you with a document ready for subsequent use.
Where to from here
I can’t write an article designed to help each of you individually, because each of you has different operating systems and devices, but please go out of your way to understand what a high level of data security means for you and your workflow. Buy whatever book you need to buy, hire a consultant, go to a class, learn. It is only a matter of time until there is a major data breach of an Australian marriage celebrant’s data store of the hundreds of people they have married, with all of their full legal names, birth details, parents’ names, ID document numbers, and possibly even the actual ID documents.
As for receiving documents from people securely, I would trust my email over a CRM (like Tave or Dubsado) if I know my email is secure, but your groom’s idea of sharing a folder with you so you can view the document, after which he deletes it, is also not a bad idea.
The problem with high security is that it starts to become inaccessible to the common person booking you, because the most secure system is one that either doesn’t exist, or one that no-one accesses.