Should sending a sensitive email to the wrong person be classed as a data breach?
August 7th, 2013 by Jamie Titchener
Let’s face it, we have all done it: sent an email to the wrong person. But should this be classed as a data breach if the email contains sensitive information?
It depends on who the mistaken recipient of the email is. If the recipient works within your own organisation, or a partner organisation, and has clearance to access data from you with the classification of the email, then the answer would be no.
On the other hand, if the email is sent to someone who doesn’t have authority to access the data with that particular classification, and works outside of your organisation, or a partner organisation, then yes, it should be classed as a data breach.
Sending an email to the wrong person is very easy to do. The Auto Complete function in many email clients and webmail services makes it even more so. In a recent survey we undertook into cyber security, the respondents felt that human beings are the biggest cyber security risk (Boardroom Cyber Watch Survey Report – download for free).
But how can we look to prevent this type of issue from occurring in the first place?
Sure, you could turn Auto Complete off in your email client or webmail service. But that doesn’t put a brick wall in the way of emails being sent to the wrong place.
A simple solution to the issue is classification software, such as Boldon James Classifier. This software filters emails by classification level, so they can only be sent to approved recipients.
Don’t be the victim of a very human data breach. Think before you press the Send button!