No Free Lunch: Why Giving Out Email Addresses Can Compromise Digital Privacy

Everywhere you turn these days, you hear about the problems with digital privacy. As fast as legitimate companies work to invent and deploy new methods of protecting privacy, bad actors find ways to circumvent them. This presents a massive concern for employers and individuals; many aren’t fully aware of the risks they face when their digital privacy is compromised.

How can a simple identifier like an email address lead to privacy violations and unwanted circulation of your data, and what can you do to minimize the danger?

What An Email Address Discloses

When someone enters their email address into a website, it typically means they’re accepting the terms and conditions of the site. Usually, this means the email address and other data that the website captures can be shared with or sold to—and potentially stolen by—third parties.

Email addresses connect everything we do online. Every time we enter our email, it’s stored in a database, and each instance of it identifies the products and services we use. These instances can be cross-referenced to create a comprehensive picture of us that includes information such as:

  • Our geographic location.
  • Our employment.
  • Hobbies.
  • Friends.
  • Social media profiles.
  • Search history.
  • Physical movements.
  • Films we watch.
  • Publications we read.
  • Banking products we hold.
  • Websites we visit.
  • Newsletters we subscribe to.
  • Products we buy.
  • Reviews we write.
  • Travel destinations we visit.

Aside from giving companies the ability to serve us with personalized advertisements, giving out email addresses can enable them to understand everything about us. For example, if you’re signed into Google and browsing on Google Chrome, your email address is associated with every website you visit and recorded in various databases. Anyone with access to that data now possesses in-depth knowledge about your life.

They know what type of person you are, what you read, the sports you play and the purchases you make—and there’s no privacy associated with the information. While that might not quite result in someone coming to your home and doing something nefarious, do you really want all of that information about you available to unknown parties?

The Digital Privacy Risk For Business Owners

The risk of employees giving out their company email addresses is even greater for business owners. It could jeopardize the acquisition of a large new client account. Tracking employee activities, such as visits to prospective client websites, can provide competitors with intelligence on who a company is talking to.

Downloading content from a supplier website using a business email address can reveal the fact that a company is in the market for a particular product or service, resulting in unwanted solicitation from other providers.

Moreover, employees could be targeted via their email addresses for phishing or spear-phishing attacks to get them to download viruses or malware that can give bad actors access to systems or reveal sensitive corporate information.

The Long-Term Impact

It’s impossible to guess what the impact may be of having all of this information about us or our employees available long-term to anyone with access. A few decades ago, a Social Security number wasn’t particularly sensitive or private. It was just a number we had as citizens that showed we would receive Social Security at a certain age.

Now, it has evolved to indicate tax return status, credit scores and other aspects of daily life—many of which can be patched together in the back end. The result provides a complete view of us as individuals, making us vulnerable to hacking and theft. The same fate could be in store for email addresses—an identifier that puts us at future risk.

How To Protect Your Employees And Your Company’s Digital Privacy

Few companies can enact policies stating that employees can’t use their email addresses on specific sites. We need improved education around the issue so that employees and individuals understand the risk of entering email addresses. Once they appreciate how these sites can be linked and the picture they’re providing of their activities, they’ll be less inclined to provide their emails.

Currently, most companies operate on a reactive basis, but I think we need to shift toward the offensive and educate employees. Some suggestions include the following.

1. Creating several email addresses to use for various aspects of life. While I’m not suggesting having employees create 20 or even 10 email addresses, it could be helpful to encourage them to have two or three. For example, if an employee is a hobbyist, they could have one email address for everything to do with their hobby. They could have another related to personal finance and a third for other specific interests.

2. Using email masking tools offered by some providers. These include Apple’s “Hide my Email” option and Mozilla’s Firefox Relay. These functionalities can allow employees to create random email addresses to use with apps and websites so that their personal or company address remains private.

3. Opting out of any sites that use the new Unified ID 2.0 technology. UID 2.0 transforms email into a digital character string or token. While it claims to improve digital privacy, it actually doesn’t prevent the token from being linked to a person’s email address. Let employees know they can opt out of this.

4. Updating cookie settings. Most browsers give users the option to turn off their cookie settings, which prevents a website from being able to connect their online activity with their email address. Let employees know that this could not only help protect them from an invasion of privacy but it could also reduce the number of retargeting ads they receive.

In the digital era, there really is no free lunch. You might think you’re getting gratis information by entering your email address, but in fact, you’re contributing to the profitability of third-party players who can sell your data to the highest bidder. If that data compromises you, whatever you received in exchange for your email address is almost certainly not worth the cost.

You can read the original article posted in Forbes by Rhymetec CEO, Justin Rende.

Interested in reading more? Check out more of our blogs here.