METALMICKY
Well-known member
- Jan 30, 2004
- 6,837
A quick question for all you admin/data controllers out there.
Last week the company I work for sent out a group email confirming that spaces were available on a training course. The email was sent from the administrator's work email address but was addressed to 12 recipients including myself and used our personal email addresses such at Outlook and Gmail. It was simply sent using the ' To ' box as opposed to ' BCC' . Accordingly, every recipient can clearly see the other 11 people's personal email addresses. 10 of those email addresses clearly identify names and surnames as opposed to where people have used nonsense ones that don't in any way identify them.
Just to clarify the company I work for would only ever have and use our personal emails due to the nature of the business, and would normally only ever send similar group emails by using BCC or they have a bespoke group messaging system.
Normally it's the sort of thing I would let slide but on this occasion I have a concern. The most important one being that since that email my inbox has has seen a marked increase in spam and phishing emails. Some of the phishing ones are pretty good ones supposedly being from Microsoft. I can spot them a mile away but I've a concern that some of my older and less tech savvy Co workers could be at risk.
Is this a clear breach of GDPR and what should my company doing about it? Alternatively, have I got it wrong and potentially over reacting?
On occasions Google can be your friend but it can easily mislead or be misinterpreted. Even the ICO web site is a not totally clear which is why I'm putting the question out there
Many thanks for any advice,observations or guidance
Last week the company I work for sent out a group email confirming that spaces were available on a training course. The email was sent from the administrator's work email address but was addressed to 12 recipients including myself and used our personal email addresses such at Outlook and Gmail. It was simply sent using the ' To ' box as opposed to ' BCC' . Accordingly, every recipient can clearly see the other 11 people's personal email addresses. 10 of those email addresses clearly identify names and surnames as opposed to where people have used nonsense ones that don't in any way identify them.
Just to clarify the company I work for would only ever have and use our personal emails due to the nature of the business, and would normally only ever send similar group emails by using BCC or they have a bespoke group messaging system.
Normally it's the sort of thing I would let slide but on this occasion I have a concern. The most important one being that since that email my inbox has has seen a marked increase in spam and phishing emails. Some of the phishing ones are pretty good ones supposedly being from Microsoft. I can spot them a mile away but I've a concern that some of my older and less tech savvy Co workers could be at risk.
Is this a clear breach of GDPR and what should my company doing about it? Alternatively, have I got it wrong and potentially over reacting?
On occasions Google can be your friend but it can easily mislead or be misinterpreted. Even the ICO web site is a not totally clear which is why I'm putting the question out there
Many thanks for any advice,observations or guidance