How can I prevent privacy breaches through email?

Sending electronic information to the wrong recipient is the most common type of privacy breach reported to us. If your agency is sending personal information by email, staff should double-check that it will go to the right recipients before they send it.  

You can take easy measures to make emailing more secure, such as delays on emails sent to recipients outside the agency, or pop-ups that remind staff to check that they’ve entered the correct recipient address. These steps reduce the risk of human error. 

For mass emails, double-check that all recipient email addresses are entered in the ‘Bcc’ field.

Email attachments can also lead to privacy breaches. Staff should always check they’re sending the right attachment, and that it doesn’t include any personal information the recipient shouldn’t see.

Spreadsheets can pose a risk because of all the information they can contain. If you must send information in a spreadsheet, check that there isn’t any sensitive information hidden behind document tabs and in pivot tables, and protect the document with a password. Also consider whether you can extract the relevant information for the recipient without sending the whole spreadsheet.

Treat an email breach as a privacy breach and respond accordingly. If it is serious you must notify the Privacy Commissioner and you will need to consider notifying affected individuals. See NotifyUs.