Colleagues reporting data breaches often cited recipients having the same or a similar name to the intended recipient. When emails or messages are sent to the wrong recipient or contain unnecessary personal details, this is considered a personal data breach under UK data protection legislation.
Don’t let Auto-Complete choose for you
Features like Auto-Complete in Outlook are designed for convenience: by remembering email addresses you’ve used before and suggesting them when you begin typing, they let you select email recipients very quickly.
For most day-to-day emails, Auto-Complete is a time-saving feature whose benefit outweighs the risk to personal data. However, when colleagues are sending sensitive or special category data, the consequences of selecting an incorrect recipient become significantly more serious. Personal data breaches can have real consequences for individuals affected, exposing them to risks such as identity theft, physical harm, emotional distress, and a loss of trust in how their personal data is handled by the University.
For colleagues who routinely send emails containing sensitive or special category data, we’d encourage you to disable Auto-Complete or clear your Auto-Complete Cache frequently to reduce the risk of inadvertently causing a personal data breach.
What else can you do?
- Double-check recipients before sending.
- Avoid sending sensitive data within an email unless it is essential.
- Grant OneDrive access to documents containing sensitive or special category data instead of sending them as an attachment.
- Report any suspected data breaches immediately via the Data Breach MS form.