Secure communication by email

When you send an email to anyone, the message passes through a whole series of computers. On its way, it can be seen by all kinds of people - network operators, employers, and more. In addition, many of these computers store the messages long-term (it's a legal requirement for many of them), and the stored messages can be scanned as part of investigations or even as part of regular auditing.

All this means that, when you send confidential information by email, it's not confidential. There's no protective envelope as there is with conventional mail - it's as if you sent all your secrets on a plain piece of paper.

Legal precedent and best practice now agree: when you send confidential details by email, you're making a disclosure, and your secrets are no longer secret - just by sending them!

That's a shame: we like email. It gives us a record of our conversations, it allows us to think about the answers we give you, and it allows us to work odd hours (which is good when the phone is ringing all day!).

The answer is encryption. Encryption means you can encode your emails such that they can only be read by the people you want to read them. To anyone else, your messages appear gibberish.

There are lots of encryption schemes available. Some appeared as developments from military research, and others were pure theory. For some we know exactly how they work; others are still shrouded in secrecy. We like PGP, because it's demonstrably strong, it's easy to use, and it's very flexible.

Briefly, PGP works by creating two complementary keys: one to lock messages, and the other to unlock them.

So, when you want to send a message which only I can read, you lock it using my public key (anybody can get my public key - it's not secret). When I receive the message, I use my private key to read it - and since only I have my private key, only I can read it. You can do more: if you also encrypt your message using your private key, then anyone (including me) can unlock it with your public key. But, since only you know your private key, only you could have sent it - it's like a signature of authenticity.
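The two-key exchange just described, as an added example that is not the author's code and not PGP itself: plain RSA from Go's standard library stands in for PGP's key format. The sender locks the message with the recipient's public key and signs it with her own private key; the recipient checks the signature with the sender's public key and unlocks the message with his own private key. The names Alice and Bob, the sample message and the function names are assumptions made for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewKeys generates one person's key pair, as PGP does when first set up.
// The public half (priv.PublicKey) is handed out freely; priv stays secret.
// Added example: RSA from Go's standard library stands in for PGP's own
// key format; the two-key principle the text describes is the same.
func NewKeys() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Seal locks msg with the recipient's public key (only the recipient's private
// key can open it) and signs the result with the sender's private key (anyone
// holding the sender's public key can check who sent it).
func Seal(msg []byte, sender *rsa.PrivateKey, recipient *rsa.PublicKey) (ciphertext, sig []byte, err error) {
	ciphertext, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, msg, nil)
	if err != nil {
		return nil, nil, err
	}
	digest := sha256.Sum256(ciphertext)
	sig, err = rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest[:], nil)
	return ciphertext, sig, err
}

// Open checks the signature against the sender's public key, then unlocks the
// message with the recipient's private key. A tampered ciphertext, an impostor's
// signature, or the wrong private key all make it fail.
func Open(ciphertext, sig []byte, sender *rsa.PublicKey, recipient *rsa.PrivateKey) ([]byte, error) {
	digest := sha256.Sum256(ciphertext)
	if err := rsa.VerifyPSS(sender, crypto.SHA256, digest[:], sig, nil); err != nil {
		return nil, fmt.Errorf("not signed by the claimed sender: %w", err)
	}
	return rsa.DecryptOAEP(sha256.New(), nil, recipient, ciphertext, nil)
}

func main() {
	alice, _ := NewKeys() // the sender
	bob, _ := NewKeys()   // the recipient
	ct, sig, _ := Seal([]byte("constructed sample: meet at noon"), alice, &bob.PublicKey)
	pt, err := Open(ct, sig, &alice.PublicKey, bob)
	fmt.Printf("Bob reads %q (err=%v)\n", pt, err)
}
```

Real PGP does not run RSA over the message itself: it encrypts the text with a one-off session key and locks only that key with the recipient's public key, which is why the message in this example must stay shorter than one RSA block. The principle of who can open and who could have sent it is unchanged.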


You can get a copy of PGP from their website. You can get a free version which encrypts and decrypts mail, or for a few dollars you can get a version which fully integrates with your mail program. I suggest you pay the fee, because it's not very much and it makes life much easier.

Once you've got it, you'll need to install it. The instructions come with the program. Once you've got it running, you'll need to generate a key pair for yourself. You can either publish your public key through the PGP directory, or else you can send it only to the people you want. Either way, make sure you keep your private key very safe, and make backup copies of it - you're going to need it!

To make your life easier, I've published my public key on this page (don't worry about what it means - just give it to PGP once you've got it installed, and PGP will know what to do with it). You can use this to send messages to me. If you'd like a reply, you're going to need to send me your public key - it's probably easiest all round for you to send me an email with your key in it. (I use my public key as part of my email signature file.)