No doubt we have all seen the reports of huge data breaches from the likes of British Airways in the headlines recently and the eye-watering fines that have been levied against them. However, there is a much more common data breach, and it usually begins with an email containing something like “I don’t think this message was intended for me”. Yes, that’s right: you just sent or copied an email to the wrong person!
We have all done it, but depending on what you transmitted and the industry you are working in, this could be either comical or potentially disastrous. If you are working in the legal, medical or financial sectors, it’s possible you just transmitted sensitive information to the wrong person, which could have major implications for the individuals concerned and your wider business. Even an email that did not have sensitive attachments but did contain phone numbers, email addresses and names of other people is, in fact, a data breach and, believe it or not, is actually the most common data breach reported to the regulatory authorities.
So what should you do next?
From discovery of your error, you now have a 72-hour clock ticking.
Mistakes happen, but you need to be seen to act responsibly. Confess immediately to your boss and the teams around you. Your IT team should have a process in place for such an event.
You should start with a well-considered apology to the parties concerned ASAP. If it was only names and email addresses transmitted, this may be enough together with written confirmation of deletion. However, humble pie will be your diet for a while; get used to it!
If it’s highly sensitive data you transmitted in error, you need to get legal advice as quickly as possible. That 72-hour timer takes no account of holidays and weekends.
What can be done to prevent or minimise this occurring in future –
· Disabling the autofill feature in Outlook would be a good place to start.
· Have a manual checking process in place on sensitive communications.
· Ensure you and all others receive appropriate data awareness training.
· If you regularly send sensitive information by email, you need to look for an email security solution.
What not to do –
· Try to hide it.
· Rely on basic technology; it makes us complacent.
· Overly stress. Your corrective and preventative measures count for a lot in these matters when they are escalated.