To BCC or not to BCC – that is the question data watchdog wants answered
2023-12-15 09:59

A data regulator has reminded companies they need to take care while writing emails to avoid unintentionally blurting out personal data.

As a reminder for any Reg readers living under rocks, using the "BCC" field means that recipients cannot see each other's email addresses - useful for a bulk email with a large mailing list.

The ICO cited two case studies where the "To" or "CC" fields were used erroneously instead of "BCC." In the first, an NHS Trust manually copied patients' email addresses and pasted them into the "To" field to send a bulk email about an art competition.

While the email didn't contain confidential information, the presence of all those email addresses in the "Cc" field meant recipients could identify active patients of the trust.

As well as ensuring everyone understands the difference between "CC" and "BCC," the ICO recommends rules in email systems to warn when "CC" is being used, and to add some delay in sending emails to give staff time to correct errors before a message is sent.

The watchdog also advised that people should turn off those annoying seemingly helpful autocomplete functions that might result in an unexpected email address being used.
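The warn-and-delay rule the ICO recommends can be sketched as a check at mail submission. This is an added example, not code from the article or the ICO; the domain names, the threshold of 3 visible external addresses and the 120-second hold are assumptions, and the sample messages are constructed.

```python
from dataclasses import dataclass
from email import message_from_string
from email.utils import getaddresses

INTERNAL_DOMAINS = {"trust.example"}  # assumption: the sender's own domain(s)
MAX_VISIBLE_EXTERNAL = 3              # assumption: policy threshold
HOLD_SECONDS = 120                    # assumption: delay applied to flagged mail

# Constructed sample messages as submitted by the client, before Bcc is stripped.
RCPTS = "a@mail.example, b@mail.example, c@mail.example, d@mail.example, e@mail.example"
BULK_TO = f"From: arts@trust.example\nTo: {RCPTS}\nSubject: Art competition\n\nHello\n"
BULK_BCC = (f"From: arts@trust.example\nTo: arts@trust.example\nBcc: {RCPTS}\n"
            "Subject: Art competition\n\nHello\n")


@dataclass
class Verdict:
    action: str        # "send" or "hold"
    hold_seconds: int  # how long to hold so the sender can correct the message
    exposed: list      # external addresses every recipient would see
    reason: str


def visible_external(msg):
    """Distinct external addresses in To/Cc; Bcc is deliberately not counted."""
    pairs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    exposed = []
    for _name, addr in pairs:
        addr = addr.strip().lower()
        domain = addr.rpartition("@")[2]
        if "@" in addr and domain not in INTERNAL_DOMAINS and addr not in exposed:
            exposed.append(addr)
    return exposed


def review(raw_message):
    """Hold and warn when too many external addresses are visible to all recipients."""
    exposed = visible_external(message_from_string(raw_message))
    if len(exposed) > MAX_VISIBLE_EXTERNAL:
        reason = f"{len(exposed)} external addresses in To/Cc; use Bcc for bulk mail"
        return Verdict("hold", HOLD_SECONDS, exposed, reason)
    return Verdict("send", 0, exposed, "ok")


if __name__ == "__main__":
    for raw in (BULK_TO, BULK_BCC):
        print(review(raw))
```
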


News URL

https://go.theregister.com/feed/www.theregister.com/2023/12/15/to_bcc_or_not_bcc/