ICO highlights alternatives to using the "bcc" function on email.
The Information Commissioner's Office has issued a warning to organisations to use alternatives to the blind carbon copy (BCC) email function when sending emails containing sensitive personal information, following several high profile data breaches by organisations.
The warning accompanies new guidance from the ICO to help organisations understand the law and good practice around protecting personal information when sending bulk emails.
The ICO says that the critical importance of using appropriate methods to send bulk communications is emphasised in its recent enforcement action. In August 2023 the ICO reprimanded two Northern Irish organisations for disclosing people's information inappropriately via email. Further, in March the ICO issued a reprimand to NHS Highland for a "serious breach of trust" after a data breach involving those likely to be accessing HIV services.
According to ICO data, failure to use BCC correctly is consistently within the top 10 non-cyber breaches, with nearly a thousand reported since 2019. The education sector is the biggest offender for BBC breaches, with health in second, then local government, retail and the charity sector all in the top five.
The ICO has set out four key issues: