NSPCC introduces secure e-mail

The nature of its work means electronic security is vital for the children's charity.

The nature of its work means electronic security is vital for the children's charity.

The National Society for the Prevention of Cruelty to Children (NSPCC) is supporting its efforts to protect children by using secure content management software to help transmit confidential information safely via the Internet.

Although the charity was quick to realise the benefits of the Internet as a communication tool, it has been wary of e-mailing case files and personal data because of security fears. As Brendan Major, the NSPCC's head of information services, explains, the consequences could be disastrous. "Electronic communication lies at the heart of most people's business, including ours, and you need to know you can communicate securely," he says. "Some of the information we deal in is literally a matter of life and death."

The NSPCC started looking into ways of increasing online security more than a year ago but a lot of the products available fell short of its expectations. Most were based on public key infrastructure (PKI) and the charity felt they would be too complex and expensive to manage. Major also points out that setting up a PKI-based solution with key pairs and digital certificates would not make sense as the NSPCC deals with a lot of people and organisations only once.

The charity made contact with its eventual partner, software firm Tumbleweed Communications, at an event for IT directors last year and went on to test a cut-down version of its Secure Mail product.

Major says the charity had three key considerations. It had to be secure, easy to use and provide better mass mailing management so the charity could tell if or when its e-mails were opened. The product delivered all three at a reasonable price. "Tumbleweed offers a manageable management overhead and it allows us to set up user-configurable security," says Major. "It has proved to be a very good working partner."

The NSPCC began introducing the new software and security measures in September 2001, opting for a staggered roll-out.

Major says the biggest barrier to new technology projects at the charity is cultural change. To combat this, it will make the new system as easy to use as possible by integrating it into Microsoft Outlook. When a user chooses to send an e-mail marked "high importance", the system automatically sends it via the secure Tumbleweed route instead of the normal MS Exchange route.

The charity will also use the technology to manage its donations and in the future it hopes to manage the relationships with its customers better and match content and services to people's interests. "However much we like it or don't like it, people's expectations are shaped by the world of commerce," says Major.

Read more on IT risk management