To CC or BCC?

  • By Paul Sullivan

The Information Commissioner’s Office (ICO) recently imposed a £80,000 on Gloucestershire Police for a (pre-GDPR) data breach which involved sending a bulk email identifying victims of historic child abuse.

In December 2016, an officer sent an update to 56 recipients by entering their email addresses in the ‘To’ field rather than utilising the ‘BCC’, or ‘blind carbon copy’, function.

Each recipient could therefore have had sight of the details of every recipient of the email.  It is understood that recipients included victims, witnesses, lawyers and journalists and that the email also made reference to schools and other organisations being investigated.

Steve Eckersley, ICO Head of Enforcement, said:

‘This was a serious breach of the data protection laws and one which was likely to cause substantial distress to vulnerable victims of abuse, many of whom were also legally entitled to lifelong anonymity. 

The risks relating to the sending of bulk emails are long established and well known, so there was no excuse for the force to break the law – especially when such sensitive and confidential information was involved.’

Something to bear in mind before you next click ‘Send’? 

For more information about this article, or any other aspect of our business and personal legal solutions, give us a call on 028 9032 2998.  There is no charge for initial telephone advices.

Get in touch
Emailbreach

Back to all posts

How can we help you?

Contact us today to arrange a free ‘no obligation’ meeting.

Subscribe to eBriefings

* indicates required

Please select how you would like to hear from us:


You can unsubscribe at any time by clicking the link in the footer of our emails. For information about our privacy practices, please visit our website.