BCP Council in the UK issued an apology after one of its officers accidentally exposed email addresses in a recent communication. The officer sent out an email last week to hundreds of recipients, including personal email addresses, without using the blind copy (BCC) function. The email, related to the implementation of a new system for managing local land charges, planning, and building control in March, was sent on January 17, 2025.
Upon realizing the mistake, the officer quickly recalled the email and followed the council’s internal procedures. These actions included notifying the information governance and IT security teams to address the issue. Jeff Hanna, cabinet member for transformation, resources, and governance, stated that the incident was promptly handled, and the council took swift steps to mitigate any further risks.
Despite the potential for privacy concerns, the council deemed the breach to be of low risk. This was because most of the exposed email addresses were business-related rather than personal. As a result, the council concluded that there was no need to report the incident to the Information Commissioner’s Office (ICO).
Hanna confirmed that apologies were sent to everyone who had received the email.
The mishap underscores the ongoing importance of data security protocols and email privacy practices. While the breach was considered low risk, it serves as a reminder for organizations to carefully handle communications that involve sensitive information. The council has committed to reviewing its internal processes to prevent similar incidents in the future.
Reference:
