Privacy BreachPosted: Wed 2 September, 2015
Yet again, today there’s a story about another place revealing a confidential list of customers in emails – and as usual, in what’s known as a Corbett round here (courtesy of a certain Irish marketing person) it’s looking like the leaker sent the email using CC instead of BCC.
In this case, the information is even more sensitive than usual, as it’s people who’ve used a particular STI clinic in London, and may have also revealed their HIV status. Oh, bloody whoops.
It amazes me how often this seems to happen – and how easy it should be to fix.
The first answer is, obviously, train people.
But after that, it’s about defending against laziness and stupidity. But even that’s pretty easy.
All it really needs is a block on recipients in CC. If you’re sending an email and it’s got more than (say) 10 addresses in the CC field, it simply asks if you’re sure you want to send it with those people in CC rather than BCC. That’s an email-client thing – but is easy to do.
It can’t be that difficult – my own email clients all already ask if I want to send an email with no attachments if the message contains keywords like ‘attached’ or ‘CV’, after all.
A similar thing could be done on the mail-server as well – put in a rule that if there’s more than [defined limit] of addresses in the CC, it doesn’t send without an authorisation, an acknowledgement that this is OK.
There will still be the odd blithering fucktrumpet who manages to send out a whole mailing-list in CC (or even To) – but at least make it harder for them to do so.
Surely that’s not asking too much?