Email Data Breach at Newcastle City Council Indicative of Common but Costly Human Error
In our latest blog post, we explore how the use of a secure file share solution like Wizuda’s CFS could have avoided a highly distressing breach of personal details by a local city council in the UK.
A recent BBC news report has revealed that Newcastle City Council is under investigation by the Information Commissioner’s Office (ICO) for a data breach which involved a spreadsheet containing the personal details of thousands of children and their adoptive parents being mistakenly sent as an attachment to a summer party email invitation.
The spreadsheet attachment contained the names, addresses and birth dates of 2,743 adopted children, alongside details of parents, social workers and former adoptees. It is reported that as many as 77 people received the attachment.
Newcastle City Council’s director of people, Ewen Weir, stated: “This breach appears to have been caused by human error and a failure to follow established procedures. We are conducting a thorough review of our processes to identify what changes we can make to ensure that this never happens again.”
Under the incoming GDPR legislation, a breach of this nature could result in fines of 4% of turnover or €20 million (whichever is higher). There is no doubt that this is an expensive price to pay for the common human error of either attaching an incorrect file to an email or sending a file to the wrong recipient or recipients.
Wizuda’s MD, Danielle Cussen, highlights that Wizuda’s CFS has several safeguards in place to help mitigate such occurrences, including the unique “intelligent recipient lookup” feature, a customisable authorisation workflow and the anonymisation module. For example, the sender would have been prompted to answer a series of simple tick-box questions indicating whether the file contained personal data, and the file would then have been automatically routed through the authorisation workflow for approval before being sent. Wizuda’s anonymisation module gives users the ability to anonymise, pseudonymise and/or minimise the data before sending, so even if the file were sent to the incorrect recipient, the anonymity of the data subjects could be protected.
Sending an email to the incorrect recipient is commonplace; however, if personally identifiable data is sent to the incorrect person, under GDPR significant reputational and financial repercussions will ensue.
Once GDPR becomes law on the 25th of May 2018, it will be essential for organisations to have visibility of the personal data that is being transferred outside of their organisation and to gain assurance that it is being handled in compliance with the GDPR. Wizuda’s CFS solution gives this peace of mind and simplifies the path to GDPR compliance.
If you would like to discuss how Wizuda can help you avoid email data breaches in your organisation, contact us today.