How to protect email addresses in a customer database when you and other third parties?



  • I am wondering what methods are used by big companies to protect customer email addresses in their databases. They usually have salespeople all over the world and multiple third-parties (Salesforce, transactional emails, etc.) also need to access the data and need to be able to send emails to customers, making regular encryption methods not really practical.

    I am working on a project where we will have to store and interact with a large amount of customers via email and I can't find a solution other than storing their email addresses in plain text in order to be accessible to third-parties and our salespeople. But that doesn't seem very compliant and safe as a data leak could create a serious impact for our customers (phishing, use it to login, etc.).



  • As schroeder says, if there is a requirement for people to have access to that data then grant them that access. However its quite trivial to add in an anonymization tier that maps any email address to a local email address then provision a forwarding service at the receiving end of the generated address which forwards to the intended recipient. Gumtree, for example, does this. However it can be rather irksome.



Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2