What should I do if I've sent an email to the wrong address?
Act quickly and don’t delay. Send a follow-up email to the person or organisation that has been mistakenly sent your email asking them not to open it and delete it as soon as possible.
Second, alert your manager or your workplace privacy officer. Both can help assess the seriousness of the breach and decide what to do next. For example, if it is a work-related email, your workplace might decide to contact the person whose information was included in the breach to let them know and to apologise for the error. This might be an appropriate thing to do if the information contained is sensitive information, such as health or financial information.
It may also be that you've fallen for a spear phishing email. These are emails that deceive recipients into believing that they are responding to a legitimate request. They can happen to anyone at anytime. We’ve written about a serious incident of spear phishing here.
All organisations need to be very vigilant about the emails received by its staff. Phishing emails can look incredibly authentic. Staff should be reminded to be cautious about clicking on links or attachments. Remember to check the email address to see whether it is one the sender uses.
Treat an email breach as a privacy breach(external link). If it is serious, you must notify the Privacy Commissioner. In most cases, you will also need to consider notifying affected people. Our online NotifyUs reporting tool(external link) will help you assess the seriousness of the privacy breach and whether you have to tell our office.