NCVO researcher shares 100s of e-mail addresses without permission
Today’s data protection faux pas comes from an NCVO researcher. She shared around 300 e-mail addresses without permission by pasting them into the Cc. field of her e-mail message.
The list of voluntary sector organisations that don’t appear to train their staff in how to use e-mail or the implications of data protection continues to grow.
Today UK Fundraising received an e-mail message from an NCVO researcher about an event. Nine tenths of the text of the message consisted of around 300 names and email addresses of all the rest of the recipients of the message. This included our e-mail address at UK Fundraising. We haven’t given NCVO permission to broadcast our e-mail address to all and sundry and we assume such permission was not forthcoming from everyone else on the list.
Advertisement
We’ll spare the individual researcher’s embarrassment this time by not naming names, but fundraisers and charity staff should learn from their mistake. If you are not confident that you know how to send an e-mail to two or more people, find out. It’s not difficult, and you could just save your charity the embarrassment of being reported to the Information Commissioner.
There is a difference between the Cc and Bc fields. UK Fundraising’s Howard Lake is running a training course on Using e-mail to fundraise later this month and this will include a run-through of the basics of sending e-mails.
Is this mere pedantry? Not at all. Let’s assume that all recipients of today’s message were absolutely scrupulous in not using the address list and copying the odd name to their address book. Let’s assume that none of the recipients forwarded the entire message (with all those e-mail addresses) to a friend or colleague.
Our e-mail address is now in the e-mail systems of 300 or so other people. How good are their anti-virus systems? Some viruses scan users’ hard-drives for any e-mail addresses and then attempt to replicate themselves by sending themselves to all these e-mail addresses. When will those 300 get round to deleting the NCVO message? Today, next month, never? Until they do, our personal data is not as secure as we expected it to be.