In Employee News 28, Thursday 9 April 2020, the Council issued a reminder on information management, including data protection. The message highlighted the obligations that all employees have to ensure the safety of the personal information that is in the Council's custody.
In particular the Employee News highlighted the risk that the 'type ahead' email address function may cause if we do not double check email recipients before pressing send. Type ahead predicts the intended recipient of an email, choosing the most likely individual based on recent contacts and on the initial letters typed. There is a risk that this automated feature predicts the wrong employee or, worse still, an individual outwith the Council. If an email is sent to the wrong recipient and contains personal information, the result is a data protection breach – this is the case whether the email is sent internally or externally.
Colleagues will be aware of the potential penalties that can result from a data breach. The Council could be liable to pay a significant fine in the event of a serious breach. Breaches also damage the Council’s reputation. Most importantly, they damage public confidence in the Council and its services and can cause significant harm and distress to the data subject.
Since issuing a reminder in Employee News 28, there have been a number of data breaches and near misses which have arisen as a result of email correspondence which was incorrectly addressed. Now, more than ever, it is essential that all employees take the time to check the accuracy of addressees on emails before pressing send. Only once the recipients are confirmed to be correct should the email be sent.
The Council has the ability to disable the type ahead function, and has resisted doing so given the conveniences that it provides. However, too many data breaches and/or near misses are occurring as a result of reliance on the type ahead function and it is becoming more difficult to justify its use. Therefore all employees should be aware that in the event that these breaches or near misses continue, then the Council will be forced to reconsider the use of the type ahead function.
Thank you
Ann Davie
Depute Chief Executive, Education, People & Business
1 May 2020