Useful guidance below to avoid data breach by mistakes using BCC in emails. One of the most common data breaches is user error! Should you suffer a data breach each out to use. We provide a lot of Data Protection & GDPR support: https://hunningsconsultancy.co.uk/gdpr-support/
"Failure to use BCC correctly in emails is one of the top data breaches reported to us every year – and these breaches can cause real harm, especially where sensitive personal information is involved.
When you use the ‘BCC’ field to send an email, the recipients can’t see each other’s email addresses. You can use this if the personal information you’re sharing isn’t sensitive and there’s little risk. But if your email may reveal sensitive information about the recipients, you should assess whether using other secure methods would be more appropriate.
You could:
· set rules within your email system to provide alerts and warn email senders when they use the Carbon Copy (CC) field;
· set a delay, allowing time for errors to be corrected before the email is sent;
· turn off the auto-complete email function to prevent the system suggesting email addresses in the recipient’s box; and
· use the NCSC email security check tool.
Under data protection law, organisations must have appropriate technical and organisational measures in place to ensure personal information is kept safe and not inappropriately disclosed to others.
Organisations that use and share large amounts of data, including sensitive personal information, should consider using other secure means to send communications, such as bulk email services, so information is not shared with people by mistake.
Organisations should also consider having appropriate policies in place and training for staff in relation to email communications.
For non-sensitive communications, organisations that choose to use BCC should do so carefully to ensure personal email addresses are not shared inappropriately with other customers, clients, or other organisations."
From the ICO
