Breach case 3: Catches win matches

Neil Sanson
7 April 2017

A recent data breach provided an example of how it is sometimes possible to catch a breach as it is happening and avert potential harm.

An email was sent to the wrong person in the sender’s address list. We have probably all done this at least once. If you are quick, you can sometimes recall the email, deleting it from the recipient’s system before they have opened it. In this case, the recipient had already opened the email.

The incident was resolved by a staff member making the effort to visit the recipient, who happily showed them how the email had been deleted and gave an assurance that it had not been copied or forwarded. Knowing the recipient through their relationship with the company gave confidence they could be trusted. The data had not got away. This was a good catch.

This degree of co-operation does happen sometimes, so with a friendly recipient it may be worth making the effort to arrange a visit. A visit gives that extra bit of confidence about how the email has been dealt with, and gives an opportunity to thank the person directly for their cooperation.

Here are three steps you can take to help keep emails from getting loose:

Set a delay rule

A good step to take is to set a delay on outgoing emails. This means you will have a little time (you can decide how long) between finishing the email and it actually leaving your system. [For Microsoft Outlook users, go to: “File”, then “Info”, and “Manage Rules and Alerts”.]

Practise recalling an email

Your email system probably has a function to delete emails from the recipient’s system if they have not already been read. This might work within your organisation, but will not help with emails going out of your organisation. Practise using that function once or twice with test emails so that it is easy to do without panic when you suddenly realise you want to recall an email that was just sent. [For Microsoft Outlook, open the message, open the “File” tab, under “Info” is “Resend or Recall”.]

Be nice to people

The story also indicates the value of treating people with respect in your organisation’s dealings with them. If the recipient of the email had had bad experiences with the organisation, they would have been much more reluctant to co-operate.

Further tips for managing emails were described in this earlier blog post.

We regularly get data breach notifications and this year we will be sharing the lessons learned from these more regularly. If you want to know more about data breaches, please check out our data safety toolkit.

Image credit: Stop sign by ndemello (via Creative Commons)

