Personal data relating to employees accidently sent to an outside recipient.
Records accidently sent to an outside recipient due to the data controllers’ e-mail system automatically predicting the intended recipient based on previous sent messages.
Undertaking issued to ensure that personal data will only be sent by email when necessary. Data should be made secure and staff should be made aware of company policies.
Reason for action
Insufficient measures were taken to prevent an accidental loss of unsecured personal information.
19 October 2011.