The Otago Regional Council (ORC) in New Zealand experienced a significant data breach, inadvertently sharing the email addresses of 472 individuals twice. This occurred when submitting emails for a draft regional public transport plan were sent with the recipients listed in the "To" field instead of the "Bcc" field.
The council's deputy chief executive, Amanda Vercoe, issued a public apology and contacted affected individuals, instructing them to delete the emails and not share them further. They were also given contact details for making official complaints to ORC and the Office of the Privacy Commissioner.
The ORC is currently implementing measures to improve data handling processes and prevent future occurrences of this data breach. They aim to increase checks and balances within their systems to ensure better protection of personal information.
While the council acknowledged that submitters' names would be public, the unintentional exposure of their email addresses constitutes a breach of privacy. The incident highlights the importance of adhering to privacy protocols when handling personal data.
Council deputy chief executive Amanda Vercoe has apologised to the 472 people whose email addresses were mistakenly shared after they submitted on the draft regional public transport plan.
On Thursday, the council sent an email to submitters, acknowledging their submission and giving details about next steps in the consultation process.
The submitters’ emails were inadvertently copied into "To" instead of "Bcc" - making submitters’ email addresses visible to everyone else, Mrs Vercoe said.
A second email, recalling the first, had the same problem and a full list of submitters’ emails was included.
Mrs Vercoe said people were told their names would be public when making submissions, but not their email addresses.
"We’re very sorry for this error and regret that it occurred," she said.
"It was a genuine mistake, and we hope that it did not cause any undue alarm, distress or confusion to any submitter."
On Friday, the council contacted submitters and apologised - acknowledging the privacy breach and asking they delete the emails and not share them.
"Submitters were also told, and given contact details, that if they wished to complain that their privacy has been breached by council, then contact ORC.
"Also, that if they wished they could contact the Office of the Privacy Commissioner," she said.
The council was looking to increase future checks and balances so the mistake was not repeated.
A fresh email was sent to acknowledge the submissions and next steps regarding the consultation process.
ruby.shaw@odt.co.nz
Â
If you often open multiple tabs and struggle to keep track of them, Tabs Reminder is the solution you need. Tabs Reminder lets you set reminders for tabs so you can close them and get notified about them later. Never lose track of important tabs again with Tabs Reminder!
Try our Chrome extension today!
Share this article with your
friends and colleagues.
Earn points from views and
referrals who sign up.
Learn more