Switching email providers feels like action. The governance gap is somewhere else entirely.
A director on one of your boards uses a personal Gmail address for board business. Maybe it's the chair. Maybe it's you. Board packs land there. Replies go out from it. The minutes, the draft resolutions, the candid side-conversation about an underperforming executive: all of it sitting in an account the company has never seen and cannot touch.
Someone, eventually, suggests the fix. Move to Proton Mail. It's encrypted, it's Swiss, it's private. Switch the director off Gmail and the problem goes away.
The instinct is right. The target is wrong. Swapping one personal mailbox for a more private personal mailbox improves the encryption story and changes nothing about the governance failure underneath it. That failure isn't the brand on the email address. It's that confidential board information is flowing through an account the organisation doesn't own, can't retain, and can't recover. Proton doesn't fix that. Nothing that ends in a personal address does.
Why everyone reaches for the provider
It's easy to see why "use Proton" feels like the answer. Personal Gmail and Outlook accounts genuinely are weak places to run sensitive business. Messages aren't end-to-end encrypted, their contents are readable by the provider's systems, and the director is the only person with the keys. Proton closes the privacy and encryption gap convincingly: your messages are encrypted before they reach Proton's servers, and the company can't read them.
But notice what that fixes and what it doesn't. It fixes confidentiality against the provider. It does nothing for control by the organisation. A board's problem with personal email was never mainly that Google could theoretically read it. The problem is that the board's own record lives outside the board's reach.
The failure the regulator has already named
This isn't a hypothetical. The clearest UK example sits in the Information Commissioner's Office's report into the Department of Health and Social Care, Behind the Screens, laid before Parliament on 11 July 2022 after a year-long investigation. The investigation followed reports that ministers and officials at DHSC, including the then health secretary, had used private email and messaging channels for departmental business during the pandemic. The department was found to have made extensive use of private correspondence channels: private email, WhatsApp and other messaging apps. The ICO issued DHSC a formal reprimand under the UK GDPR and called for a government-wide review of how these channels were being used.
The point the ICO kept returning to was not which app or provider had been used. It was that sensitive official business was running through channels the organisation didn't control, with no reliable record and no oversight. Its guidance landed on a simple principle: as far as reasonably practicable, official business should be conducted on corporate channels, not private ones.
Read that across to a private board and the logic holds exactly. Swap "minister" for "director" and "government business" for "board business" and you have described what happens in a meaningful share of UK boardrooms right now.
What "the organisation can't touch it" actually costs
When board business lives in a director's personal account, four specific things break, and none of them are about encryption.
- Retention. The company has no copy and no control over how long anything is kept. If a dispute, an investigation, or a data subject access request arrives, the relevant material is in a private inbox the company cannot search.
- Continuity. When that director leaves, falls out with the board, dies, or simply stops responding, the board's correspondence leaves with them. There is no offboarding step that recovers it, because the company never held it.
- Audit trail. There is no authoritative record of who decided what, when. Personal accounts get deleted, forwarded selectively, and reorganised at the owner's whim. That is precisely the "loss of transparency" the ICO flagged.
- Accountability. Under the UK GDPR, the organisation is accountable for the personal data it processes, including personal data in board papers. You cannot demonstrate control over data you can't even see. (The UK's data-protection regime is mid-reform: the Data (Use and Access) Act 2025 received Royal Assent on 19 June 2025, with provisions coming into force in stages. The accountability principle this rests on is unchanged.)
Moving the director to Proton leaves all four of these exactly where they were. The mailbox is more private and still entirely personal.
Where Proton actually fits, and where it doesn't
Proton is a good product. It is not, in its free form, a board solution, and it's worth being precise about why.
The free tier gives you one address, 1 GB of storage, a cap of 150 messages a day, and no custom domain. Reviews are blunt that this works as a secondary or testing account but not as a primary inbox; the storage and the daily cap bite quickly once real board traffic flows through it. There's also a quieter limitation. Proton's encryption only fully holds for mail between Proton users or PGP-savvy correspondents. Email a director on Outlook or a company secretary on Gmail and, in practice, it travels with ordinary transport encryption like any other message. The privacy win is real but narrower than the marketing suggests.
More fundamentally: a free Proton account is still a personal account. Custom domains, multiple addresses, and organisational administration sit on the paid business plans. And even then, the thing that makes it a governance tool isn't the plan. It's whether the company owns and administers it rather than the individual.
So Proton has a place. If a director wants better personal privacy, or wants to gradually move their own correspondence off Gmail, it's a sound choice, and Proton's Easy Switch import makes the migration painless. But that's a personal decision about a personal account. It is not the board getting control of its own record.
What to do instead
The fix is a policy and an owner, not a product. Concretely:
- Find out where board business actually lives. Ask, plainly, at your next meeting: what address does each director use for board email, and where do board papers sit? You will often be surprised. You can't govern what you haven't located.
- Adopt a one-line board communications rule. Board business is conducted on company-controlled channels. That single sentence, minuted, does more than any software purchase. The ICO's principle for government, corporate channels for official business, is the right default for any board.
- Give directors a channel the company owns. That means either administered mailboxes on the organisation's domain (which is what a managed workspace provides), or a board portal where papers are posted, accessed, and retained centrally, so the record stays with the organisation when a director leaves.
- Build an offboarding step. When a director departs, their access ends and the board's record stays put. If that step doesn't exist today, the personal-email problem is already costing you.
- Let personal privacy be personal. If individual directors want Proton for their own use, encourage it. But don't mistake it for the board's control mechanism. Those are two different problems with two different fixes.
The point that matters
The question a board should ask isn't "which email provider should our directors use?" It's "does the company control its own board record, and can it prove that?" Provider choice is the last ten percent of that question. Ownership, retention, and continuity are the first ninety, and no amount of encryption on a personal account touches them.
If you don't know how your board would answer that question today, that not-knowing is the finding. It's also the most common gap I see, and it's a quick one to close once someone actually looks.
This is the first of three posts on where board email really lives. The next looks at a free setting that genuinely does harden a director's Gmail, and why even that isn't the answer: The Free Setting Every Director on Gmail Should Switch On Today.