CC email data leaks and claiming compensation

CC email data leaks, as we sometimes refer to them as, are events where personal details are exposed as a result of many people receiving an email where they can see the details of other recipients.

Victims of this kind of data breach could be entitled to pursue a claim for compensation with us a on a No Win, No Fee basis. There have been many over the years, and there was a recent one at the end of 2021 where The Midlands Partnership NHS Trust reportedly sent an email this way for people involved in a Covid vaccine trial.

Such incidents are often put down to human error and are sometimes dismissed as minor by the offenders, but they can actually have very serious consequences, as we will explain below.

What are CC email data leaks?

What we define as CC email data leaks refers to when emails are sent to multiple recipients and the sender uses the “CC” function (“Carbon Copy” function) to send the same email to many different people. The problem with this is that this discloses the email addresses and sometimes the names of the other recipients, as email addresses can be tagged with names. Unless there is consent for those receiving the email to know each other’s identities and/or personal contact details, this can constitute a breach of privacy.

Two key points to press in the case of CC email data leaks are the use of proper ways to mass-communicate, and the context of the email. There are plenty of mailing platforms out there that people can use to send an email to hundreds, thousands, or even hundreds of thousands or millions of recipients with the click of a button. They have been around for years, and we have been using them for years as well. They can ensure that many recipients can receive the same email without seeing the details of the other recipients.

Even the use of the “BCC” function (“Blind Carbon Copy”) can be a dangerous and outdated method. As we said above, there are mailing platforms to use, and the BCC method risks accidental leaks when the CC function is used in error instead.

The second thing to note is the context of the email. If it is an email advertising an event to people who are customers of a retail company then this can still be a breach, as people may not want others to know their contact details. But this may be seen in law as a minor breach, although victims could still be eligible to claim. But if one of the recipients keeps their details very strictly confidential due to an abusive ex-partner, as an example, then this could mean the impact for them is worse, and this can then be taken into account. Or, as we will touch on below, if the recipients are all people receiving treatment for a private and sensitive medical status like HIV, the impact can be substantial.

Sometimes, when a data leak involves personal names and contact data, organisations guilty of the breach pass it off as a minor event. When you consider the context, it could be incredibly severe.

What can people do about such breaches?

We have already touched on above that context is key, and referenced where a HIV status is leaked in an email. This happened in the 56 Dean Street Clinic data leak of 2015 when almost 800 people, most of whom were service users for HIV treatment, received a generic email from the clinic using the CC function. We have settled a number of cases for victims of this particular data leak, which remains one of the most substantial to date.

Victims of CC email data leaks could be entitled to claim compensation and could be eligible to recover damages for any distress caused by the loss of control of their personal information. Context is key, as is the level of the impact on the victim. Generally speaking, the more a person suffers, the more their data breach compensation pay-out can be.

The team is here to help

You could be eligible to benefit from No Win, No Fee legal representation as a victim of a data breach.

Please do not hesitate to contact the team here now for free, no-obligation advice.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.

Create A Call Back

Information on how we handle your data is available in our Privacy Policy.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.