Incidentally, I disagree with OP that the answer of "The person started off by asking me if it was an excel file, a PDF, etc." was totally unacceptable. Excel and the PDF standards both have encryption support, so if the "sensitive data" were an Excel file, the path of least resistance would be to pointy-clicky through the menu and click "Encrypt this here spreadsheet" (or whatever the command is). Likewise with the PDF, but with Acrobat instead. Of course this does not solve the general problem of "how do I protect sensitive data?", but maybe he doesn't want to bother looking up and verifying your public key, installing GPG or setting up S/MIME or whatever if a simple solution exists. If I were to send you a spreadsheet of salary data for the company, you can bet I'd just encrypt the fucker within excel and tell you the password via some other channel like the telephone.
For future reference recently what I made my company do for sending encrypted files is:
- 1.- Putting the file in a
- 2.- Uploading the
- 3.- Sending the link through email, and calling the other person through the phone giving them the specific link decryption password
It's simple, it's easy to do so anyone including non-tech staff can easily do it and it ensures a very good level of file protection, also ensuring the data only gets to the person it's intended to get to (As opposed to using the sFTP to drop stuff for example)
Just thought I'd mention it in case anyone was curious of what a good way to do this for general files might be.