• I Received a Virtru Email

What Insecure Email Means for Consumers (and What You Can Do About It)

Let’s say you have a mortgage or an investment portfolio, and your bank needs to share your information with a third-party to assess risk or analyze accounts. It’s very likely that you’ve signed a very, very generous privacy agreement with your bank which allows them to share any information with vendors and third-parties to service that account.

This is very common not only with banks, but with cable companies, lawyers, accountants, telecommunications companies, hospitals, retailers, and other critical businesses we interact with every day. When you are a customer, you sign (often implicitly) a privacy policy which allows a company to share data with partners. This agreement goes out of its way to shift all of the risk on you – the consumer. Instead of just accepting this from businesses, consumers need to start asking questions about internal security practices. One suggested question: “Do you use Virtru for Business to secure emails to external partners?”

Businesses Make No Promises when it Comes to Privacy

Unless you are dealing with a very heavily regulated industry like healthcare you are often at the mercy of whatever privacy policy you’ve signed. In healthcare, you have HIPAA – a strong set of regulations that compels companies to protect patient information, but other industries are not so well regulated when it comes to privacy. For example, I took this clause from the online privacy policy I’ve agreed to with my online bank:

“where permitted by applicable law, we may share with others the information we collect from and about you.”

That’s a broad statement, and one that should leave you, as a consumer, feeling a bit unprotected. What that clause says is far outweighed by what it doesn’t say. Here’s what it doesn’t say:

  • It leaves it to you to figure out what the ‘applicable law’ is.
  • It doesn’t specify who ‘others’ is. This is maybe the most concerning omission.
  • It doesn’t say, “we will make our best effort to encrypt all personal account information sent to ‘others’.”
  • It doesn’t say, “we will make sure that when our relationship with ‘others’ terminates that they will delete your account information from their systems.”
  • It doesn’t say, “we will conduct strict audits of all partners who received your data to ensure that your information is secure.”
  • Wait… the information from me, and “about” me. Hold on, what do you mean?

What it does say is that my bank can share my data with anyone and we’re making no promises after that. When businesses share private data with other businesses there has to be a better way to protect this data? As consumers we should demand more of the businesses we do business with.

Demand Virtru for Business

When you interact with a business that you know is slicing and dicing your data. When you know that they are going to be storing your sensitive information you can do something. You can redline these contracts and add clauses about data security. It’s true, you might not have much luck redlining a privacy policy from a large, multinational bank, but you can start with the small businesses you work with every day.

You can start by asking your lawyer and your doctor to start using Virtu for Business to secure email. Just bring it up, try your accountant first, “Ok, so I’m sending you my tax return, but I don’t comfortable sharing this over email, I sent you a document using Virtru for Business.” Or, if you go to a lawyer who wants you to forward an archive of email, insist that they use Virtru for Business so that you and the professionals you deal with can maintain control over the information you share.

At Virtru, we think that everyone needs to do a “reset” on email. People need to understand that there’s a better way to share sensitive emails and attachments. As consumers we need to make up for the fact that many business are blasé about privacy, it’s just not a priority. So, make it a top priority and insist they use Virtru because your privacy is really your business not theirs.