Using BCC Properly: Protecting Personal Data and Preventing Data Breaches

The ICO has released new guidance to help organizations protect people's personal information when transmitting emails, highlighting the risks posed by failing to use BCC properly. Since 2019, nearly a thousand data breaches have been reported due to incorrect use of BCC, with the education sector being the most prolific offender. Organizations sending sensitive personal information electronically should use secure and alternative methods such as bulk email services, mail merge, or secure data transfer services. If non-sensitive communications are sent using BCC, organizations must take care to ensure that email addresses are not shared inappropriately. The ICO also warns it will not hesitate to use their enforcement powers should negligent behavior risk people's safety.