UK Government’s Third Email Privacy Blunder In 2 Weeks

By   ISBuzz Team
Writer , Information Security Buzz | Apr 18, 2019 06:30 am PST

UK Government’s Department for Digital, Culture, Media and Sport shared the contact details of 300 journalists, allowing their addresses to be seen by other people. This is the third government email blunder in the past two week’s following the Home Office’s use of CC rather than BCC when emailing EU citizens, and individuals involved in receiving compensation from the Windrush Compensation scheme.   

Adenike Cosgrove, Cybersecurity Strategist, EMEA at Proofpoint: 

Unfortunately despite rigorous technical and process controls, examples of human error such as this can mean the difference between a normal day and a data protection disaster. What we’re seeing from a lot of organisations is a situation where technical solutions and process management are in place to a certain degree, but the equally important employee awareness aspect is still yet to be adequately addressed. Businesses must make end-users aware of what type of data is protected under the GDPR. In addition, organisations must work to change user data-handling behaviour, they must offer action-oriented scenarios that challenge users to think about how the regulation affects their day-to-day business activities.  

“GDPR mandates that users handling personal data must be trained on how to handle it appropriately to protect the privacy and confidentiality of that information. Companies rolling out cyber security awareness and training programs should ensure that employees are trained not just on potential technical threats, but are also educated on how to handle sensitive information, particularly Personally Identifiable Information (PII). By leveraging technical controls and making data privacy a business priority, organisations can reduce the likelihood of data exposure.” 


Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x