Based on the discussion in T271202, there is no approved procedure for transferring confidential data to authorized users other than having them set up production SSH access and retrieve the data from there. This is secure, but not easy, mainly because of the inherent complexity in setting up and receiving SSH access and using the command line.
We should have a process that's both secure and easy. This will primarily require the approval of Legal, although SRE and Security would need a chance to review as well. If it involves the use of any new software, that will require the involvement of IT Services.