Email & Data Privacy in the age of Personalization

While contemplating the state of our email & data privacy, my mind wandered to the thought a famous book title - Barbarians at the gate!! & then the idiom came to my mind- All roads lead to Rome. Almost instantly, the mind created a picture of a maze with a gate at its center and all paths leading to it without any blockages/ interruptions. When I tried to corelate this with my thoughts on email & data privacy – pieces of the puzzle came together. Personal data - Treasure chest at center of the maze; Email- Gate that guards the treasure chest; Our maze works in a different way though- rather than the “barbarians” (not in literal sense) converging from all paths on the treasure chest, custodians are running out through all pathways, opening all the intermediate gates and blockages, to welcome the “barbarians”. The handover (not takeover in this case) is imminent!??

In my analogy above, I have compared email to a gate that protects the treasure chest of our personal data. Why? Email is no longer only a medium of communication, but one of the most widely used attribute of our Personally Identifiable Information (PII). Email has come to be our identity in ways more than one. Access to email can mean access to our communication, banking, confidential financial information, shopping activity, health reports, credit card information, social media and what not, sans frontiers. ?

Is this what we wanted email to be? A single sign on into the most important aspects of our lives? Many of us may agree - no! We have reached a stage,?when talking about a subject like our personal email,?#dataprivacy and #datasecurity are no longer buzzwords, but existential threats. The GDPRs of our time are acknowledgement of these threats.????

Is this meaning to say- we should stop using emails to communicate? Definitely not! ?

We are conscious today about segregating our trash in bins of different colors depending on the nature of the waste. But we are comfortable with the idea of using our email interchangeably as an identity attribute, activity tracker and a means of communication and distribute it as freely as putting it on a billboard. Probably, this is one reason where matters get complicated! We make this “all-in-one” master key available to most around us. We oblige some and the others find their own way in. ?

With our second nature of instant gratification, we are in love with the idea of having everything in one place. With this, we risk to lose everything as we put all our eggs in one basket. The Egress Group Data Loss Prevention Report 2021 has revealed that 95% of IT leaders say that client and company data is at risk on email. Additionally, an overwhelming 83% of organizations have suffered data breaches via this channel in the last 12 months. ?

It is interesting to note the above research findings, despite the multiple shields of protection around our work emails. Most organizations force a password change for work emails on predefined intervals. I am not sure how many of us have changed personal email passwords in the last few years. We almost never log into (out of network) mobile applications using our work email, we almost never create non-work social media accounts using our work email, we almost never share our work email with sellers and service providers. In the work environment, email has been largely successful to be true to its primary purpose- being a channel of communication. And still only 5% of IT leaders surveyed were comfortable with the security of data on email.?

Have we even fenced our personal emails with similar sincerity? On the personal front, we seem to have sacrificed the sanctity of our emails to the convenience of “single sign-on”. Our personal email is one of the most valuable and yet, among the most easily reachable digital assets out there. It is used to reach out to us, log us into various applications and websites, track our activity across the web, and what not. ???

Not to say that the nonchalant transition of email to extended use cases has been insidious, lets step back and reflect- was this the purpose someone came up with the idea of email in the first place? The first ARPANET network mail was sent in 1971 and was designed to be a means of communication within the network.?Intuitively, most of us still tend to believe that purpose of email is still - “To send and receive messages”, “To communicate” etc.?

Wikipedia, the Free Encyclopedia describes email as – “Electronic mail (email or e-mail) is a method of exchanging messages ("mail") between people using electronic devices. Email was conceived as the electronic (digital) version of, or counterpart to, mail, at a time when "mail" meant only physical mail (hence e- + mail). Email later became a ubiquitous (very widely used) communication medium, to the point that in current use,?an email address is often treated as a basic and necessary part of many processes in business, commerce, government, education, entertainment, and other spheres of daily life in most countries.”?

In my opinion, this is where things started getting a bit complicated. We are eager to play the trumpet against sellers and service providers for not being able to do enough on the data security front every time infamous data breach news make it to the cover page. The questions to ask are- (1) Should businesses stop asking for your email addresses/ phone numbers? (2) As customers, are we doing enough to protect ourselves and our precious privacy and what more can we do???

To the first question, I believe sellers and service providers need a reference point to contact you. The choice has always been with the customer, how they wish to be contacted. We as customers have chosen this reference point to be our personal email and phone numbers because of its inherent convenience. Initially, this did not seem to create any issues. With time, we realized where we have all landed. While responsible businesses have always taken steps to keep data safe and secure, sometimes they are outsmarted. ?

So, what can businesses do about this? Most businesses prefer having their own ecommerce application, loyalty application etc. with a strong belief that their customer will download their application because of the value that they offer. The expansive proliferation of such mobile applications has been so overwhelming that we need app “library” in our phones to manage these effectively these days. However, even with so many apps, the preferred mode to reach the consumer is still email/ phone number. ???

We as customers, keep distributing our emails and phone numbers to every seller and service provider who asks for it in return for rewarding our “loyalty”. While our email was supposed to be our own “personal mail-box”, it has quickly transformed into a “public post-office”, with all sorts of people reaching out with communication, invoices, promotional offers, and sometimes even news of unexpected inheritances from unheard of relatives and friends and grand lottery & lotto wins from tickets we never purchased!???

Over time, these high-tech “post-offices” came up with the cool terms “spam” and “spam filers”. These were supposedly and, in some way, sorting our mail for us like the good old times. In doing so, sometimes important stuff gets lost. Recently, I was trying to locate a digital receipt?in my email, for a purchase made from a seller?3 months back. This seller?instantaneously?sends digital receipts to my email every time I make a purchase and keeps sharing other emails of new product launches, personalized offers and events and promotions. 9 out of 10 times, I never open such emails. In the heap of all such emails from the seller,?I struggled and finally gave-up on what I was really looking for - the receipt. Six months down the line, this is going to even more difficult. Two years down the line, almost impossible.??

This brings us to the second question, (2) As customers, are we doing enough to protect ourselves and our precious privacy and what more can we do??I believe there is a compelling need for our personal email to be treated with more respect and confidentiality by ourselves, before we can expect others to do that, almost like a Passport or Social Security Number. No one goes around distributing these, unless necessary, for a justifiable purpose and only on a “need to know” basis.??

So, what can we do as customers to protect ourselves from the threats out there? There needs to be a conscious effort to inculcate reasonable and responsible behavior towards our personal email, if we are truly concerned about our #dataprivacy and #dataprotection.?

A simple starting point can be to have separate email for the important stuff. Similar to our work email, try not to share this with everyone in the commercial space, mobile applications, websites etc. That way, we will not only feel organized and clutter free when dealing with segregated data and information, but also would have added a simple yet effective layer of security to the important stuff while having an easy access to the commercial stuff on a need basis. While this in itself may not protect us from the risk of data breaches, but it may reduce the quantum of risk substantially. Have an alternate email/ id where you are comfortable receiving and storing all commercial and other promotional stuff.

Taking ownership of #dataprivacy is the first step in ensuring our #datasecurity and #dataprotection.