UK Government’s Department for Digital, Culture, Media and Sport shared the contact details of 300 journalists, allowing their addresses to be seen by other people. This is the third government email blunder in the past two week’s following the Home Office’s use of CC rather than BCC when emailing EU citizens, and individuals involved in receiving compensation from the Windrush Compensation scheme.
You can’t make this up the UK government have announced that they’re putting age & id checks in place so people can watch porn
The press release they sent out went to over 300 journalists with all the email addresses visible to the recipients https://t.co/DCGZ8knP4t
— Chris Dyson (@ChrisLDyson) April 17, 2019
Adenike Cosgrove, Cybersecurity Strategist, EMEA at Proofpoint:
“Unfortunately despite rigorous technical and process controls, examples of human error such as this can mean the difference between a normal day and a data protection disaster. What we’re seeing from a lot of organisations is a situation where technical solutions and process management are in place to a certain degree, but the equally important employee awareness aspect is still yet to be adequately addressed. Businesses must make end-users aware of what type of data is protected under the GDPR. In addition, organisations must work to change user data-handling behaviour, they must offer action-oriented scenarios that challenge users to think about how the regulation affects their day-to-day business activities.
“GDPR mandates that users handling personal data must be trained on how to handle it appropriately to protect the privacy and confidentiality of that information. Companies rolling out cyber security awareness and training programs should ensure that employees are trained not just on potential technical threats, but are also educated on how to handle sensitive information, particularly Personally Identifiable Information (PII). By leveraging technical controls and making data privacy a business priority, organisations can reduce the likelihood of data exposure.”