There is actually no reason why email address should be visible/readable to staff at all, at least not by default.
Beside the masking of the email. make a configuration “email visible to staff” and turn it off by default.
This information(email address) in most cases does not have any operational value for individuals on this type of system even to a trusted staff. having a staff contacting a user by email not via the system, will probably require TOC change as well. more headache for site operators.
To a certain extant having this information “out there” create potential legal complexity and increase the risk of data privacy violations and security risks.
Imaging if a staff account get compromised it can potentially allow an attacker to harvest the entire user base email address.