Outcomes - Selected Case Summaries
Categories
Misdirected Email with Account Information
Informal Resolution | 14 February 2020
A bank notified us of a personal data breach that involved a misdirected email sent to a client that contained the email address, partial account number and account balance information of another individual.
After several attempts, the breach was contained when the recipient confirmed the deletion of the email. The bank informed us and the data subject, as required by law. The bank reiterated to its staff the importance of reviewing the contents and recipients of emails prior to sending them, and of avoiding unapproved templates that can retain personal data. Staff training is regularly provided to reduce the likelihood of these types of errors. The case was closed, as we were satisfied that the breach did not result in harm to the data subject, and that the measures taken to contain and mitigate the breach were reasonable.