How should suppression lists be shared or encrypted?

Suppression lists containing email addresses are personal data requiring appropriate protection. Encryption at rest and in transit protects suppression data from unauthorized access.

Sharing suppression lists between organizations requires legal basis under privacy regulations. Generally, suppression data can be shared for the legitimate interest of preventing unwanted email, but formal agreements should document this.

When sharing, minimize data to what is necessary: usually just email addresses and perhaps suppression reason. Encryption during transfer and access controls on shared data protect against misuse.