My son has started a new job and is heading off for a training course on Sunday. As part of attending the training course, he was provided with information about the venue and training sessions along with the other new starters. My son could see the personal email addresses of colleagues he’s yet to meet on a company email. As my son (and the other new starters) did not agree to share their email addresses, this is a data breach. A minor one, but still a data breach.
The thing is that this will probably not be reported. After all, which person who has just started a new job wants to tell their new employer that it has breached data protection legislation before they have even started? The new starters don’t know if this is a regular or one-off occurrence in this organisation. They may not want to have to explain why it’s a data breach if the sender doesn’t understand what they did wrong. It’s a minefield no one is going to enter.
So the data breach goes unrecognised and unremedied. It is likely to occur again, because the sender doesn’t recognise they made a mistake and no one wants to mention it so early in their employment.
Could this happen in your business?
Think about times when you share information with groups of people via their personal email addresses. You could do a quick check on previous emails sent, or check the next email that will go out, to make sure that the email addresses are hidden by using BCC.
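The quick check on previously sent emails can be automated over messages exported from a sent folder. The following is an added example, not part of the original post: it flags any message whose To or Cc headers reveal two or more addresses outside the organisation to each other. The domain `example.com`, the sample messages and the function names are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

ORG_DOMAIN = "example.com"  # assumption: the sending organisation's own domain

# Constructed sample messages, as they might be exported from a sent folder.
SAMPLES = {
    "cc_mail": (
        "From: training@example.com\n"
        "To: alice@mail.test, bob@post.test\n"
        "Cc: Carol <carol@mail.test>\n"
        "Subject: Venue details\n\nSee you Sunday.\n"
    ),
    "bcc_mail": (
        "From: training@example.com\n"
        "To: training@example.com\n"
        "Bcc: alice@mail.test, bob@post.test\n"
        "Subject: Venue details\n\nSee you Sunday.\n"
    ),
    "single_mail": (
        "From: training@example.com\n"
        "To: alice@mail.test\n"
        "Subject: Your contract\n\nAttached.\n"
    ),
}


def exposed_recipients(raw, org_domain=ORG_DOMAIN):
    """Return external addresses that recipients of this message can see."""
    msg = message_from_string(raw)
    # Only To and Cc are delivered to every recipient; Bcc is not.
    visible = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    external = set()
    for _name, addr in visible:
        addr = addr.strip().lower()
        if "@" in addr and addr.rpartition("@")[2] != org_domain:
            external.add(addr)
    # A single external recipient only sees their own address.
    return sorted(external) if len(external) >= 2 else []


def audit(messages):
    """Map message name -> exposed addresses, for flagged messages only."""
    results = {name: exposed_recipients(raw) for name, raw in messages.items()}
    return {name: addrs for name, addrs in results.items() if addrs}


if __name__ == "__main__":
    for name, addrs in audit(SAMPLES).items():
        print(f"{name}: {len(addrs)} external addresses visible: {addrs}")
```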