14 September 2015

Once more unto the (data) breach

suitably blurred email address so the data breach is not repeated
When the email about consulting on teachers being allowed to have resident permits was sent out to hundreds of residents in batches of 50+, the email addresses of all recipients were put in the "to" box and so were visible to all the other parties; the picture above gives you an idea of the number of email addresses. If the bcc box had been used there would not have been a data breach, but it is an amateur way of going on as this sort of error is prone to occur. (Mr Mustard met a friend the other day who had just recovered from a long operation and sent, he thought, a text to a common acquaintance with a report on how the patient was recovering but accidentally texted it to the patient themselves, doh! Luckily it was not at all negative, although the patient did suggest that Mr Mustard could have said he was "looking fabulous" - he will from now on even if he looks like death warmed up.) There is special software that can be purchased for customer contact, and/or the mail merge functionality built into Outlook (and presumably in similar email software) could be used.

A schoolboy error having occurred, the council's response was to send round an email asking you to delete the message, thus guaranteeing the exact opposite, as it must be interesting if the council want you to get rid of it.

Dear Sir/Madam,

I refer to our email regarding the engagement for the introduction of a School Parking permit sent today.

We are aware that the email has gone out with other email addresses contained within the address list and sincerely apologise for this error.

We would ask that you kindly delete this email from your inbox and in your deleted items.

Again we apologise sincerely for this error which was caused by human error. The Council takes data protection responsibilities extremely seriously and this incident is now being investigated by our Information Management Team.

Again we apologise for this error.

Yours Sincerely,

On Behalf of Information Management

As to whether or not the council should report itself to the Information Commissioner, the council's view is this:

This incident is not of the level of severity that warrants reporting to the Information Commissioner’s Office.

A number of people were livid and emailed Mr Mustard. Mr Mustard thinks the data breach is a serious one due to the volume of email addresses involved. This isn't the first data breach that the council have perpetrated. At least one person (not Mr Mustard, whose email address is well known so isn't really breached by publication) is reporting the council to the Information Commissioner.

Yours frugally

Mr Mustard
