The misclick of a Hastings Borough Council employee has highlighted the scope of new tough data regulations.
Last Thursday (May 24) an email was sent to the mailing list of the council’s culture team, informing them of changes brought about by the new General Data Protection Regulations (GDPR).
But in an unfortunate stroke of fate the email was accidently sent openly – allowing each recipient to see the contact details of all the others – in what would have been classed as a data breach had GDPR already been in force.
A Hastings Borough Council spokesman said: “We are very sorry for this data breach, and we apologise sincerely for it. This was simple human error, a colleague used the ‘to’ box in her email rather than the ‘BCC’ box, so revealing email addresses to everybody else on the mailing list. She immediately realised her mistake, and sent another email – Bcc’d – apologising for the error, and asking recipients to delete the original.”
GDPR came into force last Friday (May 25), granting European citizens a range of new data rights. Organizations found to be in breach of GDPR can be fined up to 4 per cent of annual global turnover or €20m.