Sending emails? Careful with that ‘cc,’ warns privacy body | Inquirer News
PROTECTING DATA PRIVACY

Sending emails? Careful with that ‘cc,’ warns privacy body

/ 05:40 AM August 08, 2023

The National Privacy Commission (NPC) has asked the public to take extra caution in sending emails to multiple recipients, saying the improper use of the “cc” or carbon copy function could invade or compromise other people’s privacy.

MANILA, Philippines — The National Privacy Commission (NPC) has asked the public to take extra caution in sending emails to multiple recipients, saying the improper use of the “cc” or carbon copy function could invade or compromise other people’s privacy.

One of the risks to data privacy cited by the NPC is the display of the email addresses of all recipients to every recipient.

Article continues after this advertisement

“This may result in unintentional disclosure of personal information, which may lead to spam, phishing attempts, or targeted attacks,” said the NPC.

FEATURED STORIES

Also, the inappropriate use of “cc” may give unauthorized persons access to personal and sensitive personal information and confidential or restricted information that may be contained in the email body or its attachments.

Adding “cc” could result in a breach of confidentiality, data sharing, and other applicable nondisclosure agreements, said the NPC.

Article continues after this advertisement

“Mishandling personal information by using the ‘cc’ function, under certain circumstances, may be unnecessary or not proportional for the purpose which can be regarded as a violation of the general data privacy principles in the (Data Privacy Act),” the NPC added.

Article continues after this advertisement

Unintended exposure

The government’s data privacy watchdog said it had observed many cases involving the erroneous use of the email feature that allows users to send messages to multiple recipients.

Article continues after this advertisement

The NPC added that it had seen a rise in number since 2021 but did not elaborate on the figures it had recorded.

“Such errors have led to unintended data exposure, potentially compromising the privacy and security of the data subjects involved,” it said in a statement.

Article continues after this advertisement

As an alternative, the NPC encouraged users of this email feature to check if the “bcc” (blind carbon copy) function is a more appropriate mode of delivery for emails.

“The ‘bcc’ function conceals the recipient email addresses from each other, providing an added layer of protection that reduces the risk of accidental data exposure,” said the NPC.

It also advised senders to double-check their email recipients and verify whether all those included in the “cc” function are necessary.

It also recommended using “bcc” when making announcements or mass emails to ensure that the email addresses of each recipient are hidden from one another.

The NPC also said that email users should be mindful of personal and sensitive information shared in email messages and their attachments, citing that it was better to apply other safeguards such as encryption, password protection, and secure file-sharing platforms.

Further, the commission urged employers to train and coach employees to adopt best practices regarding email correspondence.

As a final reminder, the NPC told users that failure to implement sufficient data protection measures could be punishable under the Data Privacy Act and issuances from the commission.

The punishable acts include the unauthorized processing of personal and sensitive personal information and giving access to these due to negligence.

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

Unauthorized access carries a penalty of imprisonment ranging from one year to three years and a fine of not less than P500,000 but not more than P2 million.

Meanwhile, providing access due to negligence can lead to prison time ranging from three years to six years and a fine of not less than P500,000 but not more than P4 million.

RELATED STORIES

PH among top phishing email targets in Southeast Asia

Filipinos must be careful in doing online transactions, says think tank

Cybersecurity is a matter of national security, experts tell Marcos

/abc
TAGS: cybersecurity, email cc function, email scam, National Privacy Commission

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.