Outcomes - Selected Case Summaries
Categories
Risk management entity sends misdirected shareholder data
Decisions | 02 February 2023
An email that contained board minutes for a group structured under a publicly owned company, which included the personal data of shareholders, was erroneously sent to an unintended recipient. The record contained bank names, bank account numbers, signatories, and dividend information.
When the data controller became aware of the error, the representative of the parent company was informed and the unintended recipient was alerted of the error and instructed to delete the email, which was confirmed to have been done. We were made aware of the matter and supported the actions taken and recommended that revisions be made to the entity’s breach response procedures and directed them to our website for further guidance on personal data breaches.