Whar's SO hard about understanding privacy and security?
What's SO hard is that most people are non-thinking, and / or have no critical-thinking skills. AND have been led to believe that computers (computing devices/tablets/'smart'phones) are the panacea for all our problems--most notably, in this, and similar cases, the inconvenience of using the Post Office to thoroughly (almost) guarantee privacy and security of the transmission of personal data (tl;dr--the inconvenience of 'writing a letter').
To paraphrase a very recent comment right here on El Reg: "...never put any sensitive information on-line...".
And to NOT paraphrase an e-mail just received (the timing, here, is absolutely impeccable) from one of my physicians:
"Dear xxxxx,
yyyyy. and its affiliated practices are committed to protecting the confidentiality and security of our patients’ information. We are writing to inform you that we recently identified and addressed a data security incident that may have involved some of your information. This notice explains the incident, measures that have been taken, and some steps you can take in response.
On June zzz, yyyyy concluded our investigation of an intrusion into our IT network by cyber criminals and determined that the incident resulted in unauthorized access to certain files on our IT systems that contain patient information. We first identified the intrusion on June 4, 2021 and immediately took our entire network offline out of an abundance of caution to protect our patients and to secure our systems. We also launched an investigation and notified law enforcement..."
[Just to be perfectly clear: this has nothing to do with the sending of e-mails, but simply with the fact that all my personal records, medical and otherwise--including credit card information are kept in a computer-based system. I NEVER allow a medical practice--or anyone else, for that matter--to communicate sensitive information via e-mail]
There is a very good reason that firms which require data privacy still require the use of facsimile ("faxes") or some form of courier for information / data transmission.
You want data privacy and security? The absolutely best way, for the price, is via mail--or "post'', for you folks of the British persuasion.