[dwedge]

I had one who sent me the booking details of another client in the plaintext part. I reported it to them nearly a year ago and they didn't reply, so screw anonymity, it was Avis.

[kuschku]

If you're in EU or California, you should probably email the local data privacy official's offices about that.

[kbolino]

text/plain != plaintext

This is about media types, not encryption.

[dwedge]

Do you think I was talking about encryption, or is it not more likely I meant text/plain given the context?

[kbolino]

I'm sorry, I did not properly read and comprehend your original post. I thought you were saying "they put sensitive details in the text/plain part", implying that those details somehow only belonged in the text/html part. What you actually said was "they put somebody else's sensitive details in the text/plain part".

[hermanzegerman]

Then report it to your government authority in charge of GDPR Enforcement. They suddenly will care very much about it