Email is an essential part of every day life, yet is it friend or foe?
I have got to be honest with you, as someone that is passionate about data, I love a good statistic or fact (or two) to set the scene. Did you know that email was first used in the 1960s! Today, email is an essential part of every day life. According to the The Radicati Group’s “email statistics report, 2015-2019”:
- In 2015, the number of worldwide email users was nearly 2.6 BILLION.
- More incredible is that by 2019, one third of the worldwide population will be using email!
- Finally, on any given day in 2015, more that 205 billion emails were sent and received!
It is fair to say that we live and breathe email, especially when today you no longer need to access a laptop or PC to review your messages, you can simply read them via your mobile device! In my opinion, email has a number of very good and bad points going for it. I have listed these below, in no order of significance.
- it provides a way for you to praise staff, team members or friends. I know that I like to open messages that say “thank you” or “great work”!
- it is a very convenient method of sending a message and/or documentation.
- it is a powerful way to keep an audit trail of messages and can demonstrate a clear history of past communications.
- it is relatively cheap to send a message anywhere around the globe.
- it provides a means to share information quickly and consistently, and to many people.
- emails can be sent 24hrs a day, 365 days a year. I would argue that this is also a bad point!!
- unsolicited mail (a.k.a. spam).
- removes the need or desire to have face-to-face conversations.
- viruses are easily spread via email attachments
- it is a means to mass email individuals irresponsibly. Phishing, the sending of an email to a user falsely claiming to be a legitimate company to scam the user into providing information, such as personal information and bank account numbers on a bogus website. The details will then be used for identity theft or to steal money from the account.
- it is incredibly easy to send an email without thought about the consequences.
In my experience a common type of personal data disclosure involves the use of email. It is very easy for anyone of us to make one of the mistakes detailed below, however where personal information about a living individual is involved, these could be viewed as a breach of the Data Protection Act 2018 and the General Data Protection Regulation ("GDPR"):
- Sending an email to the wrong recipient. This results in the wrong person receiving the message. At the very least you look foolish, in the worst case you may have sent confidential information relating to your business or and individual to the wrong person which could land you in hot water.
- Replying to all. At one point in time we have all accidentally pressed ‘reply all’, only to freak out when you realise your mistake! In some cases inappropriate comments are made and sent to all recipients, which can lead to disciplinary action or lost custom. Business Insider provides a great example:
“Leading up to the 2002 World Cup, BBC Sports secured commentators Andy Gray and Jonathan Pearce as their color men. But apparently the guy at the top of BBC Sports had a beef with the hires. He intended to email a single colleague, but instead sent his true feelings to 500 employees (including Gray and Pearce): “I think they’re both crap”. He owned up to the mistake, later saying he couldn’t believe he was “such an arse.”
- Sending the wrong attachment. There have been cases where somebody within an organisation has sent confidential employee information to all staff members. A good example provided in a recent Ask Reddit where the question was “what’s the worst “reply to all” mistake you have witnessed?”
“HR manager sent an Excel workbook with some pertinent info on the first sheet to everyone, but failed to remove the fourth sheet which had everybody’s salary”.
- Sending confidential files via personal email. Due to corporate mailbox restrictions, employees use personal email accounts such as Yahoo, Hotmail and Gmail to send confidential documentation. In a survey conducted by Ipswitch File Transfer, the figure was a staggering 84% of employees! In May 2016 the ICO prosecuted Mr Mark Lloyd at Telford Magistrates’ Court for the offence of unlawfully obtaining data. The defendant emailed details of over 957 clients to his personal email address as he was leaving his employer to start a new job at a rival company. The documents contained personal information including contact details of customers, as well as purchase history and commercially sensitive information.
- Inadvertently disclosing email addresses. Every email address within the ‘to’ or ‘cc’ field is circulated for all recipients to see, many on the list may be strangers to each other!In December 2015, the ICO fined the Bloomsbury Patient Network after it inadvertently revealed the identities of HIV patients when it sent out a newsletter via email to a list of email addresses and used the ‘to’ field rather than the ‘bcc’ field to 200 patients. The result was 56 patients full or partial names were revealed.
At Databasix we believe that people at all levels of an organisation, whether public or private sector, should understand their role and responsibilities under the Data Protection Act, as email breaches are preventable. Below are our take away tips:
Five Take Away Tips
- Write the email content first, then add in the recipient details in the ‘to’ box.
- Where auto complete is activated, double check that you have the correct recipient address
- Double check that you have attached the correct document to the email before sending to the recipient.
- Think privacy, use the BCC box when emailing groups of recipients who may not all know each other.
- Before sending out marketing material to recipients, ask yourself, do you have their consent to send them this information?