Every organization handles Corporate E Mail process. Just as having a website is one of the Digitization steps taken by all companies, having a corporate e-mail system is another early step in the process of digitization of business.
I would like to raise some issues on the application of DPDPA compliance related to handling of the E Mail system by a company for the industry professionals to debate.
For handling the email requirements, an organization sets up an e-mail server often in the domain name which is also used for its corporate website. For example abc.in is the domain name of the company and @abc.in is the email IDs used by the company.
The @abc.in emails are allocated to the employees such as firstname.lastname@example.org. It is also allocated to certain positions in the company such as email@example.com.
Outward emails are sent by different designations such a firstname.lastname@example.org or email@example.com or firstname.lastname@example.org, email@example.com or firstname.lastname@example.org etc.
Outsiders send e-mails to these email addresses and also to employees such as email@example.com. E Mails to firstname.lastname@example.org may be personal or business related. It may also contain a CV requesting for job. This could result in accumulation of unstructured personal data in the company’s assets.
Many companies are using and will continue to use “E-Mail Marketing” as a part of its corporate strategy where they will send out e-mails to their prospective customers.
In such cases different compliance issues may arise.
If a Company has to be compliant with DPDPA 2023, it has to therefore develop a policy for handling the e-mail identity of the employees.
We may recall the case of Cavauto S.R.L where the regulator fined the company for accessing the email email@example.com in the PC of the Company allocated to the employee under the premise that there was no proper notice to the employees that their personal emails could be accessed even in the company asset and business email.
Can such a situation arise in India under DPDPA 2023?
If so, what compliance measures could mitigate this risk?
Let’s debate. Send your views …to naavi ..or comment below..
Ujvala/FDPPI ‘s service “E Mail DTS” is designed to evaluate the risk mitigation efforts towards meeting the challenge of Personal Data Processing in the E Mail management process.