Rookie Information Governance Mistakes People Still Make

General Data Protection Regulation – A regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data (Personally Identifiable Information) outside the EU and EEA.

Big terms and industry acronyms like Information Governance and PII and GDPR are enough to make most users turn their heads inside the first second. That’s a pity because it’s typically their fault those terms are worth knowing. Numerous outlets have found that records of complaints tracking GDPR violations are mostly filled (88%) with user error.

Techs love the PIBCAC acronym: Problem In Between Chair and Computer. So while there’s a har-har to be had there, have a look at this breakdown of reports to Kroll:

  • 438 reports of loss or theft of paperwork
  • 256 reports of failing to redact data
  • 164 reports of data being left in an insecure location
  • 147 reports of people failing to use bcc in emails, and
  • 133 reports of unencrypted devices being lost or stolen

There’s more at the link, but I wanted to focus on the following: 147 reports of people failing to use bcc in emails. Is that you? Are you slow? Don’t you know by now? BCC is blind carbon copy, and it prevents individual recipients of a group email from seeing other recipients’ information. This is email 001; maybe 002, after the lesson that CC is just “carbon copy”.

There are very few nags from computers or applications that I think are good things, but if people are in the market for Smart Home devices that check for lights left on, doors left open and cookers left cooking, then perhaps email applications should double-check if you meant cc or bcc – for Pete’s sake!
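The send-time nag suggested above, sketched as an added example (not code from this article or from any mail client): a check that counts the external addresses visible in To/Cc and suggests Bcc when strangers would see each other. The internal domain, the threshold and the sample drafts are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumed policy values for this example (not from the article).
INTERNAL_DOMAINS = {"example.org"}
MAX_VISIBLE_EXTERNAL = 3

def visible_recipients(msg):
    """Addresses every recipient can read: the To and Cc headers."""
    pairs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return sorted({addr.lower() for _, addr in pairs if "@" in addr})

def bcc_warning(raw_message):
    """Return a warning string if the draft exposes too many external
    addresses to one another, or None if it is fine to send."""
    msg = message_from_string(raw_message)
    external = [a for a in visible_recipients(msg)
                if a.rsplit("@", 1)[1] not in INTERNAL_DOMAINS]
    domains = {a.rsplit("@", 1)[1] for a in external}
    # People at one outside organisation usually know each other already;
    # the exposure is strangers at different domains seeing each other.
    if len(external) > MAX_VISIBLE_EXTERNAL and len(domains) > 1:
        return (f"{len(external)} external addresses across {len(domains)} "
                f"domains are visible in To/Cc. Move them to Bcc?")
    return None

# Constructed sample drafts.
EXPOSED = """\
From: events@example.org
To: ann@mail.test, bob@post.test, cy@inbox.test
Cc: dee@web.test, staff@example.org
Subject: Revised schedule

See attached.
"""
BLIND = """\
From: events@example.org
To: events@example.org
Bcc: ann@mail.test, bob@post.test, cy@inbox.test, dee@web.test
Subject: Revised schedule

See attached.
"""

if __name__ == "__main__":
    for name, draft in (("exposed", EXPOSED), ("blind", BLIND)):
        print(name, "->", bcc_warning(draft) or "ok")
```

A check like this belongs before the message is handed to the mail server, since the Bcc header is normally stripped on delivery and cannot be audited from the recipient's copy.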

Far from being the same thing, bcc keeps enemies at arm’s length, harassers frustrated and stalkers in the dark. In the past month, I’ve received two important emails that should have been bcc considering the focus globally on privacy and then, after stating as much in a response, received a second public blast revealing everyone’s data when a revision was emailed out.

