The most important thing anyone can do to safeguard their email is to have a good password which includes upper and lower case letters, numbers, and symbols for their email. Someone having your email in itself isn't really a threat and long as you are careful about the links you click in emails and the files you open. What is dangerous about someone having your email is what they can deduce from it or what they can do with it as part of a blended threat.
Here is an example. Lets say your email address is
JohnSMith123@hotmail.com. Chances are your username at banking, shopping, and other sights is the same or, worse, the sites use your email as your user name. If I can get into your email account I can reset or get access to all of your banking passwords because almost all of the sites have a "forgot your password" link that uses your email to reset the forgotten password. This is why your email password needs to be complex and different from every other password you have.
Why different? Well that is where the blended threat comes in. I have your email and can send you a phishing attack that states your information at Chase/Citi/BofA/whomever has been compromised. You log into the fake site and enter your Chase/Citi/BofA password and I now have that site's username and password along with your email address. That is bad enough but if you use the same password for your email address as the credit card or banking site I just impersonated I not only have your username and password for that single site but I can get into your email and use it like I described above to get into all of your e-commerce sites.
There is little you can do to keep your email private. I go with the assumption that everyone on the planet has mine. What is important is you secure it with a good, strong password that is unique to only your email account and that you are careful about links you click in email. If you get an email from Chase don't click a link in the email, go directly to the Chase site and log in there. I am the I.T. director of a financial institution and if we had a breach we would never send a link in email to have our clients change their passwords or information for this reason. We would have a link provided right on our site where you can check the validity of the SSL certificate before proceeding.
As HonestAbe stated in his other post third parties have a lot of information. This isn't only try of email lists but third parties clear credit cards, checks, ACH transactions, and a lot of other financial instruments. It is the way of the world and they, unfortunately, have breaches. Sadly most aren't as good with sensitive information that should be encrypted or hashed instead of stored in databases in the clear.
I would recommend everyone change their email password if it is weak or shared among multiple sites and be vigilant about you click in email. I'd also learn how to check the SSL certificate of any banking or shopping site I use. A quick Google search will tell you how to do this in your browser.