Guest user Created: Jul 28, 2018 Last commented: Jul 28, 2018

Email addresses and data breaches

Yesterday a member of my team sent out an email to all active employees, the content of the email was not sensitive but the email addresses were included in an outlook group that was added to the TO: field in the message resulting in everyone receiving the message also seeing everyone else’s private email address. Email addresses were the only data item concerned.

0 0

Assign topic to the user

Select user

Expert

Andrei Hanganu Jul 28, 2018

We have recorded this in house in the Data Breach Register, recalled the messages to minimize the impact and taken steps to prevent it happening again.
However I am unable to ascertain if this would require reporting to the ICO. My interpretation is that this would not constitute a risk for the rights and freedoms of individuals and therefore would not require reporting to the ICO. Please can you advise.

Answer:

If the only data that was disclosed to unauthorized recipients are email addresses then I would say is safe to say that there is no risk to the rights and freedoms of the data subjects and is not necessary to notify the ICO.

To learn more about data breaches check out our webinar “A How-to Guide for GDPR Data Breach Notifications” (https://advisera.com/eugdpracademy/webinar/a-how-to-guide-for-gdpr-data-breach-notifications-free-webinar-on-demand/).

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jul 28, 2018

Expert Advice Community