You are wrong.
Businesses and government have key management and they do so for these very reasons. They issue the keys you then use, so they have your key.
You don't work with computers, do you?
Here's how it works in a nutshell: the user creates a private key, typically in a browser, along with the public key in a certificate request. The cert request is sent off to be signed by a certificate authority. Once signed, the certificate is published and everyone can see it, hence, public key. The private key stays on the user's computer and never leaves.
When someone sends you an encrypted email, they encrypt it with your public key. You decrypt it with your private key. Only you possess the private key. You were issued a certificate with your public key. Businesses and government have the public key; they signed the cert, and the cert expires in a year, hence they are managed. They never have your private key.
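The flow the post describes, as an added example that is not part of the original thread: the user generates a key pair and a CSR, the CA sees only the CSR (public key plus name), signs a one-year certificate, and a message encrypted to that certificate can be decrypted by the user's private key but not by the CA's. It uses only the Go standard library; the CA name "Example CA", the subject "alice@example.com" and the sample message are constructed values.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// newCA builds a self-signed root. The CA's own private key is the only secret
// the CA ever holds; it never receives a subscriber's private key.
func newCA() (*rsa.PrivateKey, *x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example CA"}, // constructed name
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// issueCertificate plays the CA. Its only input from the user is the DER-encoded
// CSR; checking the CSR's self-signature proves the requester holds the matching
// private key without that key ever being sent.
func issueCertificate(caKey *rsa.PrivateKey, caCert *x509.Certificate, csrDER []byte) (*x509.Certificate, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      csr.Subject,
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(365 * 24 * time.Hour), // one-year validity, as in the post
		KeyUsage:     x509.KeyUsageKeyEncipherment,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, caCert, csr.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// RoundTrip runs the whole flow and returns what the user decrypts. It also
// checks that the CA's key cannot open the message, which is the point of the post.
func RoundTrip(msg []byte) ([]byte, error) {
	caKey, caCert, err := newCA()
	if err != nil {
		return nil, err
	}
	userKey, err := rsa.GenerateKey(rand.Reader, 2048) // stays on the user's machine
	if err != nil {
		return nil, err
	}
	csrDER, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{
		Subject: pkix.Name{CommonName: "alice@example.com"}, // constructed subject
	}, userKey)
	if err != nil {
		return nil, err
	}
	cert, err := issueCertificate(caKey, caCert, csrDER) // CA sees the CSR only
	if err != nil {
		return nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return nil, err
	}
	pub := cert.PublicKey.(*rsa.PublicKey) // the published part: anyone can encrypt to it
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
	if err != nil {
		return nil, err
	}
	if _, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, caKey, ct, nil); err == nil {
		return nil, errors.New("CA key decrypted the message; it must not be able to")
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, userKey, ct, nil)
}

func main() {
	pt, err := RoundTrip([]byte("constructed sample message"))
	fmt.Printf("%q %v\n", pt, err)
}
```

The CSR check and the failed decryption with the CA key are the two places to look: the CA only ever handles public material, and the certificate's expiry is what makes the key "managed", not any access to the private half.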