Leadership has finalised the redundancy proposal. It's going to a list of 30 senior staff before the wider announcement. One forward and it's on the front page of the trade press by Monday morning. Internal sharing needs the same discipline as external.
Define the audience precisely
Don't send to a generic 'leadership' alias. Send to the specific recipients on the list. Aliases include people who shouldn't see the document and exclude people who should.
If the list is 30 people, send 30 individual emails (or use BCC for a single send). Track who received what. For very sensitive material, get acknowledgement of receipt per person.
Encrypt with per-recipient passwords
For the most sensitive material, encrypt each copy with a unique password and add a recipient-specific watermark. If the document leaks, the watermark identifies the source and the password limits which copy was leaked.
Flint's password tool handles encryption; the watermark step uses the edit tool. The marginal effort buys traceability.
Distribution channels
Email for transit, internal IM (Slack/Teams) for the password. Or use a secure file-share with per-recipient access — easier to revoke and audit.
For very high sensitivity, an in-person reading session in a controlled room beats any digital distribution. Reserved for genuinely irreversible material.
Set expectations explicitly
Mark the document CONFIDENTIAL, identify the audience on the cover ('Distributed to: senior leadership, 12 March 2026'), state forwarding restrictions ('Do not forward without authorisation').
These don't enforce technically but they document intent — useful if the document is leaked and the source needs to be addressed.
FAQ
How do I prevent screenshots?
You can't fully. Watermarks deter; technical controls (secure viewers) reduce but don't eliminate. For irreversible material, control distribution rather than control after distribution.
Should I use board portals?
For board material, yes — Diligent, BoardEffect and similar provide access controls, audit logs and revocation. Worth the cost for sensitive governance documents.
What about senior staff using personal email?
Discourage. Personal email is outside corporate control and outside any audit. Distribution should go through corporate-controlled channels.
How do I handle leaks?
Identify the source if possible (watermarks help), escalate to legal and comms, plan the response. Technical controls are prevention; process is response.
Internal confidential material needs external-grade discipline. Encrypt, watermark, distribute carefully.