Our customer doesn't want the city's bank account and routing info transported through e-mail. He was willing to do it if we could come up with a way that would guarantee it could not be read in transit.
He understands the sysadmins at each end can read it, and he understands that he has no control over what happens after it arrives at the recipient.
He, like me, has used systems that "appear" to provide a little more protection. ie; when my broker wants me to see a document, I get an e-mail that takes me to a web port. Once I log in, I can view the document.
The problem with this type of system is that a) we don't know if the employee at the state can visit any of these sites. b) we don't know if the employee at the state is willing to put forth the effort.
As for the PGP idea, we don't even know if the state employee is using an actual e-mail client.
So for know the customer really only has two options to alleviate his concerns: 1) continue sending by usps and wait a month or more for action, or 2) send an encrypted file as an attachment and HOPE the receiving mail server allows it, and HOPE the recipient will call and ask for the password.
With the possibility of little or no cooperation at the receiving end, the customer is basically SOL.