Michael Gove is reported to have been using his private email account and won’t reply to emails sent to his official address. There are so many reasons why this is a bad idea. Here is my (almost certainly incomplete) list just in case the Rt. Hon. Michael Gove happens to pass by:
- It’s not based in the UK. In fact, Google pride themselves in not telling you were the data is held (just try finding out);
- Google is a US-headquartered company. As per Microsoft’s announcement, the US PATRIOT Act seemingly trumps EU and UK data protection law, even if the data was in the EU;
- You can’t encrypt the emails at rest;
- There’s no guarantee that the data will be there tomorrow, as this example from Yahoo amply demonstrates;
- While Gmail allows you to turn on HTTPS and a form of two-factor authentication, these are optional and probably turned off;
- The foreign governments are alleged to have already hacked into Gmail;
- On occasion, email accounts have been mixed up, where one person reads someone else’s mail;
- These emails may not be retrievable under the Freedom of Information Act.
You only risk what you don’t value. If Mr. Gove believes the emails he receives and send to be of such low importance to put them at this sort of risk, is he the best person to be a cabinet minister?