The issue under E-SIGN has nothing to do with privacy of personal information. That is a separate issue altogether, and personal info shouldn't be sent via unsecure or unencrypted email.
The E-SIGN issue is that you need to disclose certain information about what you propose to have covered, what the consumer needs (hardware, software, etc.) to receive and read it, and how it will be delivered. The consumer has to demonstrate that he can receive information in the format and via the channel you'll use, and provide consent to receive it electronically.
It's all spelled out in section 7001(c) of the E-SIGN Act. We have it conveniently accessible here on the BOL site at
https://www.bankersonline.com/regulations/esign-7001. Check it out.