• Welcome to the LegalBeagles Consumer and Legal Forum.
    Please Register to get the most out of the forum. Registration is free and only needs a username and email address.
    REGISTER
    Please do not post your full name, reference numbers or any identifiable details on the forum.

Email DP breach - almighty blunder !!

Collapse
Loading...
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Email DP breach - almighty blunder !!

    Hello everyone and thank you for allowing me to be part of the forum.

    In January this Year, I successfully broke the DP act by sending out a generic advert to about 100 clients to their personal emails. It was a thankyou note for previous business shared with me in an entertainment business which I own as a sole trader.

    I pasted the emails in the ‘To ‘ box and hit ‘send’. You guessed it. They all got to know each other’s email addresses, some of which were qwerky and some emails implied a full name to the email address. I now understand that BCC should have been used.


    I only realised afterwards what I had done and was shocked how stupid I could have been.


    No one replied apart from One person which did complain and asked to me removed from the mailing list. I never heard from her again.


    That’s where the story ends, at least for now but I feel uneasy about the potential consequences of what I have done, apart from losing potential clients.


    The more I investigate this the more I realise that someone could make a case against me if they have been damaged in some way. I’m thinking of SPAM, etc., if my action somehow causes financial loss as a result of a malicious email that can be linked back to my original actions that has created a scanario where a criminal can capitalise on my blunder.


    I’m also surprised to learn that this type of blunder is not uncommon and has hit the news headlines in previous Years.


    Would like to hear anyone’s comments on this.


    Many thanks in advance.


    Hampshire111
    Tags: None

  • #2
    Re: Email DP breach - almighty blunder !!

    Originally posted by hampshire111 View Post
    Hello everyone and thank you for allowing me to be part of the forum.

    In January this Year, I successfully broke the DP act by sending out a generic advert to about 100 clients to their personal emails. It was a thankyou note for previous business shared with me in an entertainment business which I own as a sole trader.

    I pasted the emails in the ‘To ‘ box and hit ‘send’. You guessed it. They all got to know each other’s email addresses, some of which were qwerky and some emails implied a full name to the email address. I now understand that BCC should have been used.


    I only realised afterwards what I had done and was shocked how stupid I could have been.


    No one replied apart from One person which did complain and asked to me removed from the mailing list. I never heard from her again.


    That’s where the story ends, at least for now but I feel uneasy about the potential consequences of what I have done, apart from losing potential clients.


    The more I investigate this the more I realise that someone could make a case against me if they have been damaged in some way. I’m thinking of SPAM, etc., if my action somehow causes financial loss as a result of a malicious email that can be linked back to my original actions that has created a scanario where a criminal can capitalise on my blunder.


    I’m also surprised to learn that this type of blunder is not uncommon and has hit the news headlines in previous Years.


    Would like to hear anyone’s comments on this.


    Many thanks in advance.


    Hampshire111
    Hi Hampshire111 & welcome to LB.

    Unfortunately you can't unshoot the duck.

    How do you think a criminal could profit by your mistake, & how do you think you could be liable for their actions?
    CAVEAT LECTOR

    This is only my opinion - "Opinions are made to be changed --or how is truth to be got at?" (Byron)

    You and I do not see things as they are. We see things as we are.
    Cohen, Herb


    There is danger when a man throws his tongue into high gear before he
    gets his brain a-going.
    Phelps, C. C.


    "They couldn't hit an elephant at this distance!"
    The last words of John Sedgwick

    Comment


    • #3
      Re: Email DP breach - almighty blunder !!

      You can report yourself to the information commissioner's office if you are registered for Data Protection Activity.....
      "Family means that no one gets forgotten or left behind"
      (quote from David Ogden Stiers)

      Comment


      • #4
        Re: Email DP breach - almighty blunder !!

        Originally posted by charitynjw View Post
        Hi Hampshire111 & welcome to LB.

        Unfortunately you can't unshoot the duck.

        How do you think a criminal could profit by your mistake, & how do you think you could be liable for their actions?
        Thanks for your reply.

        I was reading that spammers can hack into email accounts. They also buy / steal volumes of email accounts from orgainsations and send spoof emails to groups of people, in the hope that people will fall for the financial scam. I understand that my action has increased the possibility of spamming, Indirectly, I could be held responsible for not only my mistake but any subsequent action taken by a criminal. Interesting snippet below :

        So it sounds to me that the organisation Lourdes1 refers to has breached the first data-protection principle under the DPA by displaying all 520 email addresses. There is no legal obligation on data controllers to notify individuals of a breach of the DPA, but individuals can complain to the information commissioner who has power to issue enforcement notices, or they may seek compensation under section 13 of the DPA for any contravention of the DPA which causes them damage. Compensation is also available for "distress" caused by a breach, but only if the individual concerned has also suffered quantifiable damage. It seems unlikely that a criminal would be able to commit identity fraud with only an email address, but if Lourdes1 does become a victim of fraud as a result of the disclosure then he may well be entitled to compensation from the organisation.

        I guess you could compare this to the analogy of another scenario, for example, If I accidently left the keys of my car in the ignition and a thief stole my car and smashed it into a shop, the shop owner could blame / sue me for leaving the keys unattended !!.


        - - - Updated - - -

        Okay thanks. Thats interesting.

        - - - Updated - - -

        thanks for your information

        Comment

        View our Terms and Conditions

        LegalBeagles Group uses cookies to enhance your browsing experience and to create a secure and effective website. By using this website, you are consenting to such use.To find out more and learn how to manage cookies please read our Cookie and Privacy Policy.

        If you would like to opt in, or out, of receiving news and marketing from LegalBeagles Group Ltd you can amend your settings at any time here.


        If you would like to cancel your registration please Contact Us. We will delete your user details on request, however, any previously posted user content will remain on the site with your username removed and 'Guest' inserted.
        Working...
        X