ICO publishes new email bulk communications guidance

30/08/2023 | ICO

The Information Commissioner’s Office (ICO) has published new guidance on sending bulk communications by email following a series of incidents caused by the incorrect use of the blind carbon copy (BCC) email function. The guidance highlights that even if email content doesn’t contain anything sensitive, showing which people receive an email could disclose sensitive or confidential information about them. The guidance also recommends using secure methods such as bulk email services or mail merge services rather than relying on a BCC process. 

Mihaela Jembei, ICO Director of Regulatory Cyber, said: "Failure to use BCC correctly in emails is one of the top data breaches reported to us every year – and these breaches can cause real harm, especially where sensitive personal information is involved... This new guidance is part of our commitment to help organisations get email security right. However, where we see negligent behaviour that puts people at risk of harm, we will not hesitate to use the full suite of enforcement tools available to us."

Read Full Story
Email, PECR

What is this page?

You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.

The Privacy Newsfeed monitors over 300 global publications, of which more than 4,350 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.

Freevacy has been shortlisted in the Best Educator category.
The PICCASO Privacy Awards recognise the people making an outstanding contribution to this dynamic and fast-growing sector.