The Information Commissioner’s Office (ICO) has warned healthcare organisations that they should use alternatives to the blind carbon copy (bcc) function when sending emails that contain sensitive personal information.
The warning came after several recent data breaches involving health services, including a case where personal email addresses of people invited to use HIV services were mistakenly disclosed.
The ICO has published new guidance to help organisations understand the law and ensure good practice on protecting personal information when sending bulk emails.1 Organisations that fail to comply with the law can be issued with reprimands or in some cases fines.
Mihaela Jembei, ICO’s director of regulatory cyber, said, “Failure …