ICO – BCC Use

QUOTE

Failure to use BCC correctly in emails is one of the top data breaches reported to us every year.

Even if email content doesn’t have anything sensitive in it, showing which people receive an email could disclose sensitive or confidential information about them.

Our checklist is a good place to start if you don’t want this kind of breach to happen in your organisation:
✅ We recognise that email addresses can be personal information.
✅ We train all staff on using CC (carbon copy) and BCC when sending emails.
✅ We have assessed what measures we need to implement. We have taken into account the nature of the information and the potential security risks, while also balancing the costs of implementation against the benefits of state-of-the-art options.
✅ We use additional security measures or alternatives to email when sending sensitive or confidential information.
✅ We regularly review relevant policies, test our measures and, where necessary, improve them, to ensure they remain effective.
✅ If we use a third party to send emails on our behalf, we ensure they also implement appropriate technical and organisational measures in line with legal requirements for controllers and processors.

We have more guidance: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/security/email-and-security/
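As an added illustration of the control the checklist describes (this is not part of the ICO text or its guidance), the following Python, using only the standard library, shows how BCC actually works at the message level and how a pre-send check can catch the "everyone in To/CC" mistake before it becomes a breach: recipients are placed in Bcc, the envelope (SMTP RCPT TO) still includes them, and the transmitted headers do not. The addresses, the `max_visible` threshold and all function names are made-up sample values.

```python
"""Pre-send guard against the "everyone in To/CC" mistake.

Added example, not ICO's code; standard library only. The addresses and
the max_visible threshold are made-up sample values.
"""
from email import message_from_bytes
from email.message import EmailMessage
from email.utils import getaddresses


def addresses_in(msg, *header_names):
    """Bare addresses found in the given headers (e.g. 'To', 'Cc')."""
    values = []
    for name in header_names:
        values.extend(str(v) for v in msg.get_all(name, []))
    return [addr for _, addr in getaddresses(values) if addr]


def build_bulk_message(sender, recipients, subject, body):
    """One-to-many message whose recipients cannot see each other.

    To: carries only the sender's own address; the real recipients go in
    Bcc:, which the mail server uses for the envelope and never transmits.
    """
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = sender
    msg["Bcc"] = ", ".join(recipients)
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def build_leaky_message(sender, recipients, subject, body):
    """The mistake the ICO describes: every recipient visible in To:."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = ", ".join(recipients)
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def exposure_problems(msg, max_visible=1):
    """Reasons this message would disclose recipients; empty if it is fine.

    max_visible is a policy knob (assumed value): how many addresses may
    appear in To/Cc before the send counts as a bulk mailing that should
    have used Bcc.
    """
    problems = []
    visible = addresses_in(msg, "To", "Cc")
    if len(visible) > max_visible:
        problems.append(
            f"{len(visible)} addresses visible in To/Cc, limit is {max_visible}")
    # Common double-placement error: someone put the list in both Bcc and To.
    leaked = set(visible) & set(addresses_in(msg, "Bcc"))
    if leaked:
        problems.append(
            f"Bcc recipients also listed in To/Cc: {sorted(leaked)}")
    return problems


def envelope_recipients(msg):
    """Who the mail server is told to deliver to (SMTP RCPT TO): To + Cc + Bcc."""
    return addresses_in(msg, "To", "Cc", "Bcc")


def wire_form(msg):
    """Bytes that actually leave the server.

    Mirrors what smtplib.SMTP.send_message() does: Bcc/Resent-Bcc are
    used for the envelope and removed from the transmitted headers.
    """
    out = message_from_bytes(msg.as_bytes(), policy=msg.policy)
    del out["Bcc"]
    del out["Resent-Bcc"]
    return out.as_bytes()


if __name__ == "__main__":
    people = ["alice@example.org", "bob@example.org", "carol@example.org"]
    good = build_bulk_message("updates@example.com", people, "Update", "Hello")
    bad = build_leaky_message("updates@example.com", people, "Update", "Hello")
    print("good:", exposure_problems(good) or "ok")
    print("bad: ", exposure_problems(bad))
    print("on the wire, recipients hidden:",
          all(p.encode() not in wire_form(good) for p in people))
```

The check belongs at the point where the message is handed to the transport (a wrapper around `smtplib.SMTP.send_message()`, or a mail-gateway rule), because that is the last moment the organisation, rather than the individual sender, controls the outcome. Note that `wire_form()` demonstrates why BCC hides recipients: the addresses exist only in the SMTP envelope, not in any header the recipients receive.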