Not sure this is the place to pose this question, but here goes. I'm working on a flood audit & have discovered the 3rd party performing the determinations is transmitting them via (PDF) e-mail. Although the form does not include SS or acct #'s, the customer name & address obviously is. Our e-mail system is an unsecured method of communication & can be intercepted by an outsider. Could this be considered a breach of privacy?