The To: Field and the Unintended Data Breach

By Bruce Raymond on April 1, 2015

On November 7, 2014, the Australian Department of Immigration and Border Protection gave notice of a data breach that morning affecting the leaders of the G20. As described:

The personal information which has been breached is the name, date of birth, title, position nationality, passport number, visa grant number and visa subclass held relating to 31 international leaders (ie prime ministers, presidents and their equivalents) attending the G20 leaders summit.

Affected by this data breach were, among others, President Barack Obama, Russian President Vladimir Putin, German Chancellor Angela Merkel, and UK Prime Minister David Cameron.  The cause of the data breach was the autocomplete feature of the “To:” field in Microsoft Outlook.

The autocomplete feature is a useful way to send an e-mail without having to look up an email address.  Unfortunately, without careful attention, it is easy for any person within a government agency, nonprofit organization, or commercial enterprise to accidentally send a message to the wrong person.  

As with the unfortunate Australian government employee, it is all too common for emails to contain personally identifying information and for such emails to be unencrypted.  It is easy to imagine the same occurring with trade secrets, protected health information, or attorney-client privileged material.

Massachusetts businesses are required to protect personal information pursuant to G.L. c. 93H and the implementing regulations at 201 CMR 17.00.  Business owners and managers should take care to review their e-mail policies regarding the transmission of unencrypted personal information and the use of the autocomplete feature as part of their written information security program.  Employers should take care, further, to ensure that such a program does not conflict with the NLRB’s December 2014 decision in Purple Communications.  In developing such a program, it is best to consult with experienced privacy attorneys.

 

Bruce Raymond

Business Litigation, Trade Secrets, Copyright, Technology and Software, Privacy and Data Security.

  • Posted in:
    Civil Litigation, Corporate & Commercial
  • Blog:
    Boston Business Litigation
  • Organization:
    Raymond Law Group LLC