The real question: “When is it OK to use a personal email for business purposes?”

The short answer: “Never”

Risks of using personal email at work:

  • It can cause embarrassment, financial penalties or even legal difficulties.
  • Personal email is not subject to backup, archiving, security or governance.
  • Continuity can be a big issue – what if this employee leaves the company? Those emails leave with that individual – along with any relevant information, making future searches more challenging.
  • Employees might use a personal email address to set up any number of functions critical to your company’s day-to-day operations, for example web hosting accounts or purchasing domains. The employee’s personal email address then becomes the owner of the account, so if that employee leaves, you may have a difficult time taking ownership of the assets they set up on the company’s behalf.
  • You may have your company email set up to combat email viruses, but your employees' personal email accounts may not have that level of protection. One employee opening up an email virus on a company computer can leave you and your entire business vulnerable.
  • Personal email poses serious risks of IP theft, loss of company privacy or violation of customer privacy.
  • Access by non-employees: many free webmail services have fairly weak recovery mechanisms for users who forget their password. This means that attackers might be able to guess the user’s challenge questions correctly and gain access through the recovery process.
  • Allowing employees to use personal email accounts to conduct business means that your company’s business information is being stored on mail servers outside of your control, anywhere in the world. You have no way of knowing all the places where your company data is stored, or where it’s been transmitted.
  • Major email providers like Gmail scan their users’ emails (and the attachments), destroying privacy. (Google is actually fighting to keep on scanning Gmail users' emails in court.)
  • Personal email accounts are not covered by your company’s security policies. Your employee may have agreed to Gmail’s Terms and Conditions (which allow for email content searches), but your company didn’t. You may have a good data privacy policy in place—but personal email accounts can bypass it with one click of the “Send” button.
  • If your employees are dealing with sensitive client information or company secrets, you won't be able to control whom they send it to. An unhappy employee could severely hurt your business and expose you to legal liability by disseminating confidential client information that they have saved in their personal email.
  • Question: Does allowing employees to send email from [email protected] present a professional image for your organization?
  • If you receive a customer complaint or claim that the customer never received what was promised to them, good luck tracing your records to try and understand the series of events.
  • Question: How can you distinguish company ownership vs personal ownership with respect to processes and clients?
  • The legal risks
    • Since personal emails are not stored on company servers, discovery requests are seriously compromised, presenting legal risks to your organization.
    • If there are regulations covering your business (such as HIPAA), personal email means your company is likely to be found out of compliance.

Sources:

What more? Google - “risk of using personal email at work”