
Help! I’ve just hit Send and realised my error! JLB
13 November 2015


Have you ever hit Send in your email program and had a heart-sickening, uh-oh moment? Did you address the email correctly and attach the right document?

Of the breach notifications we received in the past two years, about 30 percent were due to an email error. It might be sending an email to the wrong recipient, not blind copying, or attaching the wrong information. 

With email, an oh-so-simple, uh-oh error can result in a privacy breach of disproportionate consequences, both reputational and financial. It could even cripple your business.

So what can you do about it?

In addition to training staff and developing a culture of protecting the personal information of your clients, there are system solutions that can also help.

You can’t stop human error but you can mitigate the risks.  

Here are a few precautions we have ourselves adopted. There are of course other solutions, some more sophisticated and costly. Some, for example, can scan the content of outgoing emails and redirect the delivery of particular types of content first through an internal approval process. And there are other, more secure solutions that avoid the use of emails altogether. 

But even for a small business, there are things you can do as we have ourselves done.

MailTips

We use MailTips that automatically pop up in Outlook when an email meets certain criteria. This safeguard was configured for us by our IT provider, LANWorx.

Here’s how it works:

  • If we email an external recipient, their email address changes to a different colour and we get a reminder that it’s an external recipient.
  • If we email an attachment externally, we get a pop-up message that alerts us to this and prompts us to check if it’s the correct attachment. It is our responsibility to open the attachment and double-check that it is the correct one and with only the intended information destined for the right recipient (think of the multiple tabs on an Excel spreadsheet or information buried in a long email thread).
  • If we email five or more external recipients in the To or cc field, we get an alert prompting us to check if we should be using the bcc (blind copy) field instead (recipients should always be blind copied if their identities and/or email addresses are not authorised to be disclosed to other recipients).

Delay delivery

We have set up a rule in Outlook so there’s an automatic delay for every email we send to an external recipient (our users typically select a delay of between two and five minutes). We’ve configured the rule so that it only applies to external recipients, and we’ve created a Send Now category which a user can apply to any external email if they need it to go immediately.
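The same delay can also be applied from VBA instead of an Outlook rule. The helper below is an added example, not our rule and not LANWorx code: the name ApplyExternalDelay, the "@example.org" domain placeholder and the two-minute value are assumptions, and it is meant to be called from an existing Application_ItemSend handler.

```vba
' Added example (hypothetical helper): defer delivery of external mail
' unless the sender has applied the "Send Now" category.
Private Const INTERNAL_DOMAIN As String = "@example.org"   ' placeholder: your own domain
Private Const DELAY_MINUTES As Long = 2                     ' assumed; users pick 2 to 5
Private Const SEND_NOW_CATEGORY As String = "Send Now"
Private Const PR_SMTP_ADDRESS As String = _
    "http://schemas.microsoft.com/mapi/proptag/0x39FE001E"

Public Sub ApplyExternalDelay(ByVal Item As Object)
    Dim mail As Outlook.MailItem
    Dim recip As Outlook.Recipient
    Dim addr As String

    ' Only mail items are delayed here; meeting requests and so on pass through.
    If Not TypeOf Item Is Outlook.MailItem Then Exit Sub
    Set mail = Item

    ' The sender has opted out of the delay for this message.
    If InStr(1, mail.Categories, SEND_NOW_CATEGORY, vbTextCompare) > 0 Then Exit Sub

    For Each recip In mail.Recipients
        addr = ""
        ' If the SMTP address cannot be read, addr stays empty and the
        ' recipient is treated as external, so the delay still applies.
        On Error Resume Next
        addr = LCase$(recip.PropertyAccessor.GetProperty(PR_SMTP_ADDRESS))
        On Error GoTo 0

        ' Match the end of the address rather than a substring of it.
        If Right$(addr, Len(INTERNAL_DOMAIN)) <> INTERNAL_DOMAIN Then
            mail.DeferredDeliveryTime = DateAdd("n", DELAY_MINUTES, Now)
            Exit Sub
        End If
    Next recip
End Sub
```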

Auto-complete

We disabled this feature because it’s too easy to have the wrong email address auto-populate. For those who can’t live without it, be sure to delete any incorrect, obsolete or redundant auto-complete entries so you don’t accidentally use them (and if you have Outlook, you can just point your mouse at the entry in the pop up list, click on the X beside it, and voila, it’s gone).

Encryption

We have a public encryption key if anyone wants to email us in an encrypted format. We also use SEEMail which encrypts email traffic between participating New Zealand public sector organisations. We also use peer-to-peer encryption to ensure that a complaint lodged on our website is securely emailed to our internal systems.

What do you do?

Share with us, for our benefit and others, what you do to help avoid the unintentional release of information through email. You might just help someone not lose their shirt! And let us know if the MailTips macro we are sharing is of any assistance, or if you can see any room for improvement. Check out our macro below and feel free to use it and to adapt it for use in your organisation.

Example macro for Outlook MailTips

This macro (computing definition - a single instruction that expands automatically into a set of instructions to perform a particular task) enables alerts for:

  • emails to external recipients
  • attachments to external recipients
  • five or more recipients in the To or cc field to prompt if bcc should be used instead.

 

Function ShowVisibleAttachmentCount() As Boolean

    '========================================================================================================================
    ' Copyright ©   : 2014 Lanworx Limited
    '               :
    ' Name          :ShowVisibleAttachmentCount
    ' Arguments     :
    ' Returns       :Return true if one or more attachments exist on the email
    ' Description   :Gets count of attachments
    '               :
    ' Change History
    ' Date          Who     Ticket #        Description
    ' -----------------------------------------------------------------------------------------------------------------------
    ' 28/03/2014    DM      232849          Released
    ' 01/04/2014    KF      232849          Add error control to avoid error when sending calendar messages.
    '
    '========================================================================================================================

    Const PR_ATTACH_CONTENT_ID As String = "http://schemas.microsoft.com/mapi/proptag/0x3712001F"
    Const PR_ATTACHMENT_HIDDEN As String = "http://schemas.microsoft.com/mapi/proptag/0x7FFE000B"

    Dim m As MailItem
    Dim a As Attachment
    Dim pa As PropertyAccessor
    Dim c As Integer
    Dim cid As String
    Dim body As String

    On Error GoTo ErrorHandler

    c = 0

    'Reads the message open in the active inspector window, not the Item
    'passed to ItemSend. If no inspector window is open this call fails and
    'the handler below returns False, so no attachment prompt is shown.
    Set m = Application.ActiveInspector.CurrentItem
    body = m.HTMLBody

    For Each a In m.Attachments

        Set pa = a.PropertyAccessor
        cid = pa.GetProperty(PR_ATTACH_CONTENT_ID)

        If Len(cid) > 0 Then
            'An attachment whose content ID appears in the HTML body is an
            'inline image (for example a signature logo) and is not counted.
            If InStr(body, cid) = 0 Then
                'In case that PR_ATTACHMENT_HIDDEN does not exist,
                'an error will occur. We simply ignore this error and
                'treat it as false.
                On Error Resume Next
                If Not pa.GetProperty(PR_ATTACHMENT_HIDDEN) Then
                    c = c + 1
                End If
                'Restore the function's error handler for the remaining attachments
                On Error GoTo ErrorHandler
            End If
        Else
            c = c + 1
        End If

    Next a

    ShowVisibleAttachmentCount = (c > 0)

    Exit Function

ErrorHandler:

    ShowVisibleAttachmentCount = False

End Function

 

Private Sub Application_ItemSend(ByVal Item As Object, Cancel As Boolean)

    '========================================================================================================================
    ' Copyright ©   : 2014 Lanworx Limited
    '               :
    ' Name          :Application_ItemSend
    ' Arguments     :
    ' Returns       :
    ' Description   :Tests for attachments if sending externally and prompts the user to consider what is being sent
    '               :
    ' Change History
    ' Date          Who     Ticket #        Description
    ' -----------------------------------------------------------------------------------------------------------------------
    ' 28/03/2014    DM      232849          Released
    ' 01/04/2014    KF      232849          Add error control
    ' 20/10/2015    KF      259887          Test for recipient to and cc are over 10
    ' 21/10/2015    KF      259887          Updates following feedback from the customer
    ' 21/10/2015    KF      259887          Added comments
    '========================================================================================================================

    Dim recips As Outlook.Recipients
    Dim recip As Outlook.Recipient
    Dim pa As Outlook.PropertyAccessor
    Dim prompt As String
    Dim strMsg As String
    Dim addr As String
    Dim ExternalRecipients As Boolean
    Dim CountRecipients As Integer
    Dim objRegEx As Object
    Dim colMatches As Object

    Const PR_SMTP_ADDRESS As String = "http://schemas.microsoft.com/mapi/proptag/0x39FE001E"

    '// Replace with your own organisation's email domain
    Const INTERNAL_DOMAIN As String = "@privacy.org.nz"

    On Error GoTo ErrorHandler

    Set recips = Item.Recipients
    Set objRegEx = CreateObject("VBscript.RegExp")
    Set colMatches = objRegEx.Execute(Item.body)

    ExternalRecipients = False

    If colMatches.Count > 0 Then

        '// Iterate through recipients on email
        For Each recip In recips

            Set pa = recip.PropertyAccessor
            addr = LCase(pa.GetProperty(PR_SMTP_ADDRESS))

            '// Compare the end of the address, so an address that merely contains
            '// the internal domain somewhere else is still treated as external
            If Right$(addr, Len(INTERNAL_DOMAIN)) <> INTERNAL_DOMAIN Then

                '// List of external addresses (collected but not displayed)
                strMsg = strMsg & "   " & addr & vbNewLine

                '// Flag if one or more recipients are external
                ExternalRecipients = True

                '//Count no of external recipients for email
                If recip.Type = Outlook.OlMailRecipientType.olTo Or recip.Type = Outlook.OlMailRecipientType.olCC Then
                    CountRecipients = CountRecipients + 1
                End If

            End If

        Next

        '//Display message to user if there are external recipient(s) and the email contains attachment(s)
        If ExternalRecipients = True And ShowVisibleAttachmentCount = True Then

            prompt = "You are about to send an attachment to an external recipient" & vbNewLine & vbNewLine & "Have you checked it is the right attachment, and that it only" & vbNewLine & "contains information that should be sent?"

            If MsgBox(prompt, vbYesNo + vbExclamation + vbMsgBoxSetForeground + vbDefaultButton2, "Check Attachment") = vbNo Then
                Cancel = True
                Exit Sub
            End If

        End If

        '//Display message to user if there are five or more external recipients in To or Cc
        If ExternalRecipients = True And CountRecipients >= 5 Then

            prompt = "You are about to send an email with five or more external recipients" & vbNewLine & vbNewLine & "Have you checked if these recipients should be sent as Bcc instead?"

            If MsgBox(prompt, vbYesNo + vbExclamation + vbMsgBoxSetForeground + vbDefaultButton2, "Check Recipients") = vbNo Then
                Cancel = True
            End If

        End If

    End If

    Set colMatches = Nothing
    Set objRegEx = Nothing

    Exit Sub

ErrorHandler:

    If MsgBox("An error has occurred checking this email for attachments and recipients" & vbNewLine & vbNewLine & "Click OK if you wish to send the email without checking", vbExclamation + vbOKCancel + vbDefaultButton2, "Check Email") = vbCancel Then
        Cancel = True
    End If

End Sub
