The carbon-based units are again responsible for a huge breach of security controls at an organization.
This time it was an employee of the City of Hamilton, who hit an email ‘send’ button too fast on a message to 450 residents who had registered to vote by mail in the upcoming municipal election.
Unfortunately, the employee didn’t use the ‘blind carbon copy’ (bcc) function. Instead, the list of recipients went into the ‘To’ field, so all recipients could see everyone’s name and email address.
According to the Hamilton Spectator, one person who received the blast complained to the city as well as to the provincial information and privacy commissioner.
In response the city sent out a statement saying it regrets the error and any distress that this incident may cause those who have used the Vote by Mail process.
“Multiple email addresses were inadvertently entered in the to: line of the email instead of the bcc: line, exposing email addresses to all recipients of the email message. Immediate steps were taken to recall the message and to notify all affected individuals.
“The City of Hamilton takes the responsibility of protecting the security of individuals and their personal information very seriously and will conduct a review of processes to ensure staff are trained in the protection of personal information.”
The city has notified the provincial information and privacy commissioner (IPC) because possible data breaches are subject to the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA).
In an email, the IPC’s office said it has been notified by the city, and had received two privacy complaints.
The IPC doesn’t have statistics on misdirected emails from public institutions covered by the provincial freedom of information and privacy act (FIPPA) and MFIPPA, as they are not required to report privacy breaches. However, the IPC added, health information custodians subject to the provincial health information privacy act are required to report privacy breaches. Last year, 1,165 — or about 12 per cent — of unauthorized disclosures of personal health information were caused by misdirected emails.
“Unfortunately, misdirected emails are a common — though avoidable — cause of privacy breaches,” the IPC statement said. “Commissioner Kosseim has written a blog about misdirected emails and the importance of having explicit policies, procedures and administrative safeguards in place when handling personal information to avoid such unauthorized disclosures of personal information. Employees need to be well-trained to be aware of potential privacy risks and follow proper protocols to avoid privacy breaches. This includes checking and double-checking the intended recipients of the email, making sure they are in the appropriate field — CC or BCC — and reviewing the content of both emails and attachments before pressing send. Documents or spreadsheets containing the personal information of individuals should be encrypted with strong passwords. That way, even if they are mistakenly attached to an email or sent to the wrong person, unauthorized recipients cannot read them.”
The blind carbon copy feature was added to early email systems to prevent receivers of mass emails from seeing the list of other people the message went to. The idea is, the sender pastes the list of recipients in the ‘Bcc’ field. However, some people who don’t look carefully paste the list into the ‘To’ or ‘cc’ (carbon copy) field, and everyone who gets the message can see the names — or at least the nicknames — and the email addresses of everyone else.
In 2016 Axa Insurance listed this as one of the five dreaded email failures. Some application developers have created email plug-ins for popular email systems to prevent this problem.
David Shipley, head of New Brunswick security awareness training firm Beauceron Security, said the confusion over BCC “is literally the oldest privacy breach mistake in the book and one that every organization ends up having to deal with sooner or later.”