Remember John’s mistake…

… some people didn’t

You may remember my email about John a couple of months ago.

A simple error that could’ve had a big impact.

It seems John’s mistake is not uncommon, and in two cases the story of what happened is more widely known.

If you recall, John sent an email internally to his team, but instead of using BCC, he included all email addresses in the To field.

There were some complaints, but luckily for John, nothing more serious. He realised it could have been worse, so he reminded himself and his staff of the rules to stop it happening again.

However, for two organisations in Northern Ireland, their “simple” error has led to reprimands from the ICO.

Part of the Executive Office of the NI government, the Interim Advocates’ Office was set up to look at historical abuse in children’s homes over a 70-year period starting in the 1920s.

They sent an email newsletter to 251 people, using the To field, causing the inappropriate disclosure of email addresses to all those on the email list.

A similar error occurred when a member of staff at the Patient and Client Council in NI sent an email to 15 members of a Gender Identity Liaison Panel, using the CC field instead of BCC. This again allowed the disclosure of email addresses which should have remained confidential.

Both these incidents allowed other recipients on the email lists to infer health information about others, therefore disclosing potential special category personal data.

These cases show how easy it is for a simple mistake to have consequences for many people – a reminder to make sure everyone is aware and follows the rules around data protection.
