Businesses have been cautioned by the data watchdog to reduce their use of the Bcc field in email.
The Information Commissioner’s Office reported on Wednesday that the feature, which lets a sender send an email to several recipients without disclosing who has received it, frequently results in data breaches.
The ICO advised against using the blind carbon copy feature while sharing private or sensitive material, though it has its place.
The article stated that many email senders make the mistake of using the Cc field when they meant to use the Bcc field, resulting in their email addresses being visible to all recipients.
While Bcc has its uses, it is not sufficient on its own to ensure the privacy of individuals’ communications.
Using this feature, “you may use this to copy in someone discreetly or send a bulk email with a large mailing list,” as the ICO put it in their latest set of guidelines.
In contrast, “however, forgetting to use Bcc frequently leads to the accidental disclosure of all the recipients’ email addresses.”
Moreover, “You might use Bcc with other measures if the personal information you’re sharing is not sensitive and there’s little risk,” it said.
If you’re sending out a newsletter to a large group of people but don’t want to receive replies from everyone, this is the way to go.
The Information Commissioner’s Office (ICO) reported that inappropriate use of Bcc is consistently one of the top 10 non-cyber breaches it deals with. There have been about a thousand similar reports since the beginning of 2019.
The education sector fares the worst, followed by the healthcare sector, the local government sector, the retail sector, and the nonprofit sector.
When highly private information is compromised, the effects of a data breach can be devastating.
“Failure to use Bcc correctly in emails is one of the top data breaches reported to us every year – and these breaches can cause real harm, especially where sensitive personal information is involved,” said Mihaela Jembei, ICO’s director of regulatory cyber.
While Bcc has its uses, it’s not a foolproof method of keeping sensitive information safe.When choosing on the most appropriate manner to communicate with employees or customers, businesses should take into account the sensitive nature of the material and any associated security issues.
Alternatives to Bcc include bulk email services, mail merge, and secure data transfer services if organizations need to convey sensitive personal information electronically. This updated set of recommendations is a part of our ongoing effort to assist institutions in improving their email security. However, we will not hesitate to utilize all available enforcement instruments to stop careless behavior that puts others in danger.