HR asks for proof of right to work, a copy of your passport photo page, and your bank details for payroll. You take photos, save as PDF, and attach to the reply. The attachments now sit in HR's inbox, your sent items, and probably IT's email archive. Encrypt before sending.
What's typically in scope
Onboarding: passport, visa, work permit, prior P45/W-2, bank details, emergency contacts.
Ongoing: payslips you keep copies of, expense receipts, performance documentation.
Offboarding: settlement agreements, references, exit paperwork.
Each contains identifiers and financial details that warrant encryption.
The workflow
Combine related files via Flint's merge tool. Encrypt the merged PDF in Flint's password tool. Send the encrypted file by email. Send the password by text, internal IM, or in person.
Keep the unencrypted local copy in your password-protected drive or vault, not in your downloads folder. Once HR confirms receipt and processing, delete the local copy if you don't need it.
Onboarding portals
Many employers use onboarding platforms (Greenhouse, Workday, BambooHR) with their own secure upload. Use the platform rather than email when offered — it's designed for exactly this purpose with access controls and audit trail.
If the platform doesn't exist or is broken, email with encrypted attachment is the fallback.
FAQ
Do I need to encrypt internal HR documents?
If they leave HR — to managers, payroll, external auditors — yes. Internal HR systems usually have their own access controls; encryption is the second layer.
What about photo IDs?
Treat passport, driver's license and similar as high-sensitivity. Encrypt as PDF; never attach unencrypted to internal email.
Should HR send my payslips encrypted?
Yes — they should. If they don't, raise it. Many HR functions now use per-employee password schemes by default.
Can I refuse to send sensitive documents over email?
You can ask for a portal or secure-share. Most established HR functions have one; if not, encrypted PDF over email is the minimum.
HR gets identity-grade material. Encrypt before sending — every time.