CASE STUDY
How the City of Riverdale, Georgia Secured Sensitive Citizen Data with Virtru
Alford Arnold Jr
IT Manager
-
INDUSTRY
State & Local Government
-
COMPLIANCE
HIPAA, CJIS
-
PRODUCTS
Virtru for Outlook
See Virtru in Action
The City of Riverdale, Georgia, is a municipal government serving the residents of a growing community south of Atlanta. Like all local governments, Riverdale depends on its staff to carry out the practical work of city operations: processing vendor payments, managing human resources, maintaining official records, and serving the financial and administrative needs of the city's constituents.
That work generates a constant flow of sensitive documents. W9 forms, bank account details, employee records, and official forms regularly move between city departments and external organizations. For years, Riverdale handled much of that external sharing the way many local governments did: by fax. It worked, in the sense that documents arrived at their destination. But it offered no visibility into what happened after transmission, no audit trail, and no ability to know whether the right recipient actually received a given document.
When the HR department needed to modernize how it sent sensitive documents to external companies, and wanted to finally move away from fax, IT Manager Alford Arnold Jr. went looking for a solution that staff would actually use.
The Result
- Persistent protection for sensitive PII and financial data. City departments including HR, finance, and the clerk's office now send W9 forms, bank account information, and compliance-related documents outside the organization with persistent encryption that travels with the data, regardless of where it goes after the initial send.
- Seamless adoption with no workflow disruption. Virtru Email Encryption deploys as a native integration within Microsoft Outlook. Most city staff access encryption through a simple toggle, keeping their existing workflow intact. Security should empower, not stifle, and in Riverdale, it does.
- Compliance support for IRS Publication 1075 and related requirements. Departments handling federal tax information and other regulated data now have a documented, auditable path for external document sharing that supports IRS Publication 1075 requirements and the compliance obligations of the finance and clerk's offices.
- Reliable support when it matters. When a technical issue surfaced roughly a year into deployment, Virtru's support team responded quickly and resolved the problem without extended downtime. Arnold notes the speed of resolution as a marker of the partnership working as expected.
The Challenge: Sensitive Documents, No Visibility, No Control
As document volumes grew and compliance requirements tightened, fax was no longer a sustainable answer. It offered limited visibility into what happened after transmission, limited recipient verification, and limited audit trail. For a government office with obligations tied to frameworks like IRS Publication 1075, which governs the handling of federal tax information, a more defensible approach was overdue.
The question for IT was not just whether a solution would protect data. It was whether staff would actually use it.
Why Traditional Solutions (Microsoft Native Encryption) Fell Short
Microsoft's native email encryption was the obvious starting point. The city already ran Microsoft 365, and the built-in encryption capability was right there. But Arnold and the HR team evaluated it and set it aside for a clear reason: the recipient experience was too cumbersome. External recipients faced a friction-heavy process to access encrypted messages, and for a city government sending documents to vendors and external companies who had no familiarity with Microsoft's encryption portal, that friction was a practical barrier. A tool staff hesitates to use is a tool that does not get used.
This is a failure mode that goes beyond any single product. Many native email encryption approaches share the same structural limitation: they prioritize control within their own ecosystem and treat external recipients as secondary. The resulting experience often requires recipients to create accounts, navigate unfamiliar portals, or authenticate through systems they have never encountered. In a government context where external partners range from small vendors to state agencies with their own IT constraints, that complexity translates directly into failed deliveries and workarounds that defeat the purpose of encryption in the first place.
Virtru for Outlook addressed the core requirement: protection travels with the data through a recipient experience that does not require the other side to have Virtru installed or an account created. For a city government sending documents to a wide and varied pool of external organizations, that was the differentiating fit.
Recommended Reading: How Virtru for Microsoft Outlook Works
The Deployment: Integration, Not Replacement
Virtru integrates directly into Microsoft Outlook rather than replacing it. For the City of Riverdale, that meant no new email client, no new workflow, and no new muscle memory required of staff who were already comfortable with the tools they used every day. The integration, not replacement approach meant the transition was a layer on top of what already existed, not a replacement that required retraining from scratch.
For most city employees, encryption is accessible through a simple toggle in Outlook. The decision to encrypt is a single step, not a multi-screen workflow. For a subset of users whose roles involve frequent external sharing of sensitive documents, including Arnold himself, encryption is enabled by default on outgoing messages, removing the decision entirely and ensuring that protection is consistent rather than reliant on individual choice.
The learning curve was real but small. "When you first start off there are some people who ask questions," Arnold noted, describing the initial training period. But once users understood the basics, the experience settled into routine. No news, in this case, is good news: the absence of ongoing complaints from city staff is itself a signal that the solution is working as intended.
External recipients receive encrypted messages they can access without creating a Virtru account, viewing protected content through a browser-based experience that does not require them to install anything. For the vendors, financial institutions, and external agencies that receive documents from Riverdale, the experience is low-friction on their side as well.
"Virtru kind of came in and saved the day." — Alford Arnold Jr., IT Manager, City of Riverdale, Georgia
A Model for Municipal Government
What Riverdale built is not a complicated architecture. It is a straightforward deployment of persistent encryption within an existing Microsoft environment, applied specifically to the problem of external document sharing. But that straightforwardness is part of the point.
Local governments across the country face the same structural challenge Riverdale faced: sensitive data that must move outside the organization, compliance obligations that require defensible controls, and staff who need tools they can actually use without specialized training. The city's experience demonstrates that closing that gap does not require a large-scale technology overhaul. It requires the right integration point and a solution that makes secure sharing the default rather than the exception.
For municipal governments whose mission centers on serving residents and meeting fiduciary and regulatory obligations, the shift from fax and unprotected email to persistent, data-centric encryption is not just a security improvement. It is a statement about how the organization handles the trust that residents and partner organizations place in it. In Riverdale, that shift happened quietly, without workflow disruption, and without complaints. That is precisely how it should work.
The City of Riverdale, Georgia uses Virtru Email Encryption for Microsoft Outlook to protect sensitive documents shared externally across city departments. To see how Virtru can work for your team, contact us today for a demo.
Related Resources
Get expert insights on how to address your data protection challenges
/case%20study%20-%20state%20of%20florida/FL-Case%20Study.webp)
Florida's 14th Judicial Circuit Protects Sensitive Case Data with Virtru Email Encryption
/case%20study%20-%20GTA/GA-GTA-VVOC.png)
"Building Guardrails" — How Georgia Technology Authority Created a Blueprint for Statewide Data Protection
/case%20study%20-%20RIVETS/RIVETS-case%20study.webp)
Rhode Island Deploys Email Encryption for Veteran Healthcare and Benefits
/resource%20-%20la%20county%20natural%20history%20museum/LA-count-natural-history-museum-resource-card.webp)
Preserving the Past, Securing the Data: LA Natural History Museum’s Data Transformation with Virtru Data Protection Gateway
/resource%20-%20state%20of%20illinois%20case%20study/state-of-illinois.webp)
State of Illinois Uses Virtru to Protect Confidentiality for Sensitive Data
/resource%20-%20state%20of%20iowa%20case%20study/StateofIowa.webp)
Right-Sized Security: How Iowa Protected Sensitive Data While Cutting Costs

The Massachusetts Municipal Association Uses Virtru to Support HIPAA, SOX and PCI-DSS Compliance

Virtru Brings Email Security and Compliance to Pitkin County
/colorado-state-case-study.webp)
The State of Colorado Uses Virtru for Controlled File Sharing in Microsoft 365
/resource%20-%20state%20of%20virginia%20case%20study/stateofvirginiacasestudy.webp)
How Virginia Uses Microsoft Purview Sensitivity Labels to Auto-Trigger Virtru Encryption
/resource%20-%20GA/GA-Case-Study.webp)
How Georgia DCS Strengthens CJIS Compliance Through Secure Cloud Collaboration
/Arkansas-Case-Study-Virtru.webp)
How the State of Arkansas Is Leading the Way on Secure Cloud Collaboration
Book a Demo
Become a Partner
Contact us to learn more about our partnership opportunities.
Become a Compliance Champion
Contact us to learn more about our partnership opportunities.