MANILA, Philippines — The National Privacy Commission (NPC) is reminding personal information controllers of the unintended data exposure brought by misusing the carbon copy function in e-mails.
“We have observed the high number of human errors, specifically the inadvertent use of the cc function, as a cause of security incidents, which have risen in number since 2021,” the NPC said in a statement yesterday.
“Such errors have led to unintended data exposure, potentially compromising the privacy and security of the data subjects involved,” it added.
The cc function displays the email addresses of all recipients to every recipient.
“This may result in unintentional disclosure of personal information, which may lead to spam, phishing attempts or targeted attacks,” the NPC explained.
Inappropriately using the cc function may give unauthorized persons access to personal, sensitive, confidential and restricted personal information that may be contained in the email body or its attachments, it added.
“In the alternative, the Commission encourages to check if the blind carbon copy (bcc) function is a more appropriate mode of delivery of emails,” the NPC advised.
The bcc function would conceal recipients’ email addresses from each other.
“Be mindful of the personal and sensitive personal information shared in your emails and its attachments. It is desirable to apply other safeguards such as encryption, password protection and secure file-sharing platforms in certain instances,” the NPC added.
Failure of the government and the private sector to implement sufficient data protection measures can be punishable under the Data Protection Act and NPC issuances.