Data Breach Caused By Not Using BCC In Email

Published on: 19th July 2018

The ICO has reported on a case of human error leading to a data breach, for which it has issued a fine of £200,000.

"On 27 February 2017, an IICSA staff member sent a blind carbon copy (bcc) email to 90 Inquiry participants telling them about a public hearing. After noticing an error in the email, a correction was sent but email addresses were entered into the ‘to’ field, instead of the ‘bcc’ field by mistake."

According to the ICO, this put vulnerable people at risk.

This instance illustrates the importance of correct training and procedures for managing email communications. Though the sensitivity of the data in this case makes it especially worrying, it also shows how easy it is to cause harm to people through lack of thought or attention, or simply "by mistake". By bringing this to the public's attention, the ICO gives everyone the opportunity to think hard about the data protection, safeguarding and security measures that are in place within all organisations in the UK.

You can read the full story here:

PYXI GDPR Team: 19th Jul 2018 07:47:00