With the introduction of GDPR, there has recently been a large focus on personal data. A huge area of risk is email. The majority of people now use email on a daily basis, both personally and professionally, and it becomes so second nature that we can forget the risks that may be associated with it. This article is intended as a reminder of those risks and how to avoid them.
Use of auto-complete
One of these email risks is the use of auto-complete. This can apply to online form completion, but Outlook also has an auto-complete function. This means that if you have emailed someone previously, when you begin typing their email address in the email bar, you may be offered an “auto-complete” version of the email address.
There is an obvious risk here that an email may be sent to the wrong person where the auto-complete feature inserts the wrong email address. This could obviously be a potential breach of confidentiality and be a serious problem if something sensitive is disclosed.
To manage the above risk, it is recommended to complete the body of the email first, along with the header. Once you are satisfied that the content is exactly what you want to send, you can insert the recipient’s email address. This eliminates the risk of sending an incomplete or draft email to the recipient. You can then allow yourself time to double-check that the right email address has been input.
An email thread is basically the emails you may have sent back and forth in a series of conversations. The risk here is that you may be in a long thread and one email may go astray. That one email would include with it the other emails in the thread. By this point, a lot of information may have been disclosed, and sensitive or confidential information may be in the wrong hands.
The best way to avoid this is to begin a new email thread, as less data will then be disclosed if it is mis-sent or goes astray.
In terms of email inboxes, it is a very good idea to regularly delete any old emails that are no longer needed. This includes emails in the main inbox, sent items, deleted items and saved items.
This is now required with the introduction of GDPR and the regulations on data retention. It is good practice, ensures confidential or sensitive information isn’t kept too long, and eliminates the risks of it going astray or falling into the wrong hands.
Note: This article was first published on the Moray Employment Law website in July 2018.