Privacy and Email: Lessons from the Sony Data Breach

One of the hottest topics in the news recently was the hacking and data breach at Sony. While email exchanges about President Obama and Angelina Jolie don’t have any relation to what we do at FlexToday, it can teach us some very valuable lessons about data security.

The first lesson is that it is not wise to anger a hacker, whether that hacker is in a foreign country or someone in your own IT Department (and, yes, your IT staff knows exactly how to spy on your emails).

The next lesson is that our email, something we assume is private and secure, may be neither private nor secure.

In the Sony hack, not only were scripts and personnel disputes disclosed, but also personally-private information such as home addresses and Social Security Numbers as well as medically-private information including doctors’ Leave of Absence letters and medical claims payment information.

This perfectly illustrates why we have strict policies and procedures when it comes to email at FlexToday. Do you really want to have someone’s medical information on your email server?

FlexToday does not accept claims, census and COBRA information by email for two reasons; our email server and your email server.

To facilitate the safe transfer of data, FlexToday offers secure systems, including one-way encrypted drop boxes to accept sensitive data.

Even the best data security measures can be breached, so minimizing your exposure is the best defense. To quote from a 1980’s TV series, Hill Street Blues: “Let’s be careful out there.”

This blog is presented for the consideration of our clients and business associates. It is not intended to be legal, accounting, tax or professional advice. This information is not directed to any specific situation or individual and we do not assume liability for the use of or reliance on this information. FlexToday respects your privacy and will make every effort to preserve your privacy but we do not and will not assume responsibility or liability for the content or use of any information you choose to post to this blog. The comments posted on this blog are not necessarily those of FlexToday, Inc. or its employees or representatives. This is a brief version of our privacy policy. For more information on our privacy policy as well as other policies and procedures, please refer to our main website,