Outcomes - Selected Case Summaries



Confirmation of job applications by Cabinet Office

Informal Resolution | 23 June 2021

The Cabinet Office was sending an email to job applicants to confirm receipt of their applications. They intended to send the same email to all recipients, adding their addresses into the BCC field. However, the addresses were erroneously inserted into a visible field (cc), disclosing all of the names and email addresses to all recipients.

The breach was noticed within 4 minutes and a recall notice was issued. It is not known how successful this was. Shortly after that, the Cabinet Office sent an email to all recipients asking them to disregard the previous email and to delete it from their inboxes. They carried out training with all staff on how to prevent such breaches from reoccurring and on what do to in the event of a breach.

We were satisfied that the breach would not cause serious prejudice to data subjects’ rights and that appropriate steps were taken to mitigate the breach, so the case was closed with no further action.