Do you have the habit of using your personal email for client work, to communicate with your clients? After all, having just one email for all your communication – work and personal – is simple, keeps you accessible round the clock (work emails may not work outside of office hours) and ensures you don’t miss anything, right?
No! This habit can jeopardise your professional image and can land you in legal trouble. Why? Let’s find out.
This Isn’t Clickbait
Recently, four employees at the Financial Conduct Authority (FCA) received written warnings after it was discovered that they had used personal email accounts to send themselves sensitive data.
This incident quickly caught the attention of professional accountancy firms around the world because, in accountancy, secure handling of client data is both an ethical and a legal requirement.
This incident raises the question: why do diligent accountants, fully aware of data security rules, often turn to their personal email accounts to send and receive client information? Is it carelessness, or are outdated and overly restrictive IT systems cornering them into risky workarounds?
Why Do Accountants Use Personal Email for Client Work at All?
It’s not just a careless habit. Accountants often use personal email, for instance to send engagement letters or proposals, because on most occasions data protection rules feel more like obstacles to effective client communication than helpful tools.
As any accountant or accounting expert can tell you, accountancy firms face intense workloads and mounting client demands, and when internal systems are too rigid or locked down, it’s no surprise some staff turn to personal email as a workaround.
Rigid IT controls, slow or limited file-sharing and stringent security policies can make using official email accounts feel frustrating and time-consuming. Thus, under tight deadlines, personal email looks like the quicker (and better) option.
In the absence of practical tools that match the daily workflow and working procedure of actual accountants (and not just managers), staff under deadline pressure often feel they have no choice but to take shortcuts – even when those shortcuts carry serious risks.
Why is Using Personal Email Risky?
Using personal email exposes firms to serious technical, reputational and regulatory risks.
The Institute of Chartered Accountants in England and Wales (ICAEW) UK GDPR help sheet warns, “Even if a client consents to receiving data via unencrypted personal email, accountancy firms must still ensure compliance with GDPR; consent alone doesn’t absolve them of the obligation to secure data.”
Personal email accounts lack features like enterprise-grade encryption, audit trails and access controls that accountants must have when sending data to or receiving data from their clients.
This lack of security means personal emails are vulnerable to data breaches and GDPR violations. This, in turn, makes the accountant and/or the accountancy firm vulnerable to hefty fines and long-term reputational harm.
What feels like a “harmless easy workaround” can easily become a costly liability for everyone involved.
How Can Firms Fix This Without Making Accountants’ Lives Harder?
Accountants don’t choose to use their personal emails for work out of malice or ignorance. They do it because the “secure” systems available to them are too slow and clunky.
So, the solution is simple: make mandatory systems fast and easy. When firms adopt systems that are quick, intuitive and encrypted, the employees will naturally choose the safer route. No one will use their personal email because they won’t have to.
After all, you can train people until you’re blue in the face, but without a friction-free alternative, they’ll slip back to personal email every time.
Only those firms that align policy, technology and culture can keep data secure without making life harder for their employees and clients.
Who’s Responsible for the Personal Email Risk? The Staff or the System?
When personal emails become routine, is it a failure of staff judgement or a failure of the system that gives no better option?
When staff need to bypass systems to get their job done, that’s not a training issue, it’s a systems failure.
The sooner this reality is acknowledged, the sooner accountancy firms can move from blame to improvement.
Accountants must always uphold compliance; there is no excuse for not doing that. At the same time, accountancy firms must build infrastructure that makes compliance easy.
Conclusion: Make It Easy to Do the Right Thing
Most professionals aren’t trying to cut corners. They’re just trying to keep up. When the pressure of meeting client demands is high and secure systems slow them down or block everyday tasks, shortcuts become inevitable. It’s not laziness; it’s a sign of something broken.
The solution is not in more controls or stricter enforcement. It’s smarter design. Because if the safe route is slow, clunky or frustrating, people will always look for workarounds.
So, make the secure option the easiest one. Give staff the right tools, explain the risks and design systems that support how people work. This way, you can protect your clients, your firm’s reputation and your team.
What’s Next: Secure Your Communication from the Start
Client engagement is where risk first creeps in: sending fee quotes by email, chasing signatures across scattered PDFs or relying on untracked replies for approval. It’s not only hectic and messy; it’s insecure.
That’s where FigsFlow comes in.
It lets you create regulatory-compliant engagement letters and professional proposals in one place. Its professional onboarding features keep everything secure and in sync from day one. So, no more risky back-and-forth.
If you’re serious about cleaning up your workflow and protecting your clients’ data, FigsFlow is the next logical step.
Start your 30-day free trial of FigsFlow today and ditch risky workarounds for good.