Failure To Use Blind Carbon Copy On Email Data Breach Compensation Claims Experts

100% No Win, No Fee Claims
Nothing to pay if you lose.

  • Free legal advice from a friendly solicitor.
  • Specialist solicitors with up to 30 years experience
  • Find out if you can claim compensation Call 0800 073 8804

Start My Claim Online

Failure To Use Blind Carbon Copy (BCC) On Email – Can I Make A Data Breach Claim?

This guide will focus on how to make a failure to use blind carbon copy on email data breach claims. This is a very easy mistake to make when sending out a group email. However, a failure to use blind carbon copy can result in your email address being exposed to a party that you may prefer does not have access to it. In this guide, we look at how these mistakes can happen, as well as the types of harm they may cause you. Additionally, we will go over the process of making a claim.

Failure to use blind carbon copy on email data breach claim guide

Failure to use blind carbon copy on email data breach claim guide

However, please keep in mind that your claim is going to be unique in some way. It might be somewhat similar to other claims, but it won’t match exactly. And because of this, we might not have covered every question you have. Don’t worry if this is the case though, we can still provide you with the answers that you need. Just give us a call on 0800 073 8804. The line is open 24 hours a day, 7 days a week. One of our claim advisors will get you the answers you need.

Select A Section:

A Guide On Failure To Use Blind Carbon Copy On Email Data Breach Claims

This online guide will act as an introduction to whether you could make a claim for an email data breach caused by a failure to use BCC. In short, it will examine how a  failure to use blind carbon copy on email may cause a data breach. We will start this guide with a graph that looks at how common email-related data breaches are. Subsequently, we then give a top-level definition of what a BCC error email is. And in this part of the guide, we also look at applicable UK laws, and the types of data that they protect.

In the middle part of this guide, we try to define the actual problem. We look at how simple human error is often a cause of email-related data breaches. Furthermore, we look at how to use blind carbon copy and carbon copy in an email properly. Additionally, some advice on how to minimise this type of mistake is given.

The following part of this guide, is related to the claims process itself. Initially, we cover how to get a claim started. Also, we look at who you can report a data breach to as part of this process. Financial aspects are also covered. We provide information about the types of damages you might seek, and an example compensation table. No Win No Fee arrangements are also explained.

Lastly, this guide prompts you to get help from our team, then provides a number of useful links and some answers to common questions.

Time Limits For Making A Claim

You need to start your email address data breach claim within the right deadline. The duration of the claim doesn’t matter, only the start date is covered by a deadline. The circumstances of the data breach will directly impact this time limit.

In general, you are going to have up to six years to start your claim. However, there are other factors that can impact this claims deadline. For example, if you are claiming against a public body, then you have just one year. To check exactly what claims deadline will apply, call and ask our claims team.

Email Data Breach Statistics

Information Commissioner’s Office (ICO) is responsible for maintaining and policing UK data privacy and security laws. As part of its function, it also collects and publishes data that is related to data breaches. We have used a sample of this data to create the graph below, that covers email data breaches.

Email Data Breaches

What Is A Failure To Use Blind Carbon Copy On Email Data Breach Claims?

What is a failure to use blind carbon copy? We will answer this question here, but first, let’s go over the nomenclature.

  • Carbon Copy (CC) – When sending an email, you can copy people into it. If you use CC, everyone else who was sent the email can see who was sent it as well.
  • Blind Carbon Copy (BCC) – When you send an email and copy it to people using BCC, nobody can see any of the email addresses that were in the BCC list.

Therefore, some people like to BCC all recipients. The downside here, is that if the recipient list later needs to be pruned, this cannot be done. If a person sending a mass email fails to BCC all recipients when they should have this means that those who do not have the authorisation to view your email address will have gained access. In such cases, this could be classed as a data breach.

Laws That Apply In The UK

We used to follow the European Union (EU) General Data Protection Regulations (GDPR) in the UK. However, since we now left the EU, we have our own data security and privacy laws. Namely, what has come to be known as UK GDPR. Also, there are other bodies of legislation such as the Data Protection Act (DPA) in tandem with UK GDPR.

Types Of Data That Are Protected

UK GDPR protects two specific types of data. Personal data and special data. Your email address is classed as personal data. But for completion’s sake, we have explained both data categories below.

Personal data is all of the specific information that is tied to you in some way. In short, data that can identify you, or be exploited in some way. For example, your email address, phone numbers, name, date of birth, and postal address are personal data, obviously. But also other information can be classed as personal data. For example, your credit card number, or your bank account number and sort code.

Special data is all of the information that can be used to find out something about you, but might not be unique. For example, your ethnic background, religion, genome data and sexual preference are all special data. Also, things like memberships of political parties, or membership of trade unions. All of these types of derivative data have to be protected under UK GDPR.

If there is a failure to use blind carbon copy on email that causes a data breach can a person make a claim? For a data breach claim to be valid the onus is on the claimant to prove that the defendant failed to adequately secure their personal information. If the organisation that is handling the personal data did all they could to keep it safe yet a data breach still occurred it is unlikely a claim would succeed.

Types Of Human Error Causing Email Data Breaches

When we think about data breaches or personal information being accessed without authorisation we often think about cybercrimes and computer systems being hacked. But in the real world data breaches are very often caused because of human error. Under UK data protection laws those organisations/data controllers that collect personal data of others must keep it secure. If organisations fail to do this they are in breach of the law. To ensure the safety of personal data it is vital that organisations make sure their employees are data-aware. This can be done through training. When training lacks it opens the door for errors such as human errors to occur leading to personal information being exposed or unlawfully processed.

How Do You Use CC And BCC In Emails?

One of the reasons that a failure to use blind carbon copy might occur, is because people do not know how to use BCC properly. Or CC for that matter. So, here is an explanation of when to use both.

  • CC – this is used when an email needs to be sent to multiple recipients within an organisation or peer group. In other words, everyone on the CC list would already have access to all of the email addresses that receive a CC copy. Furthermore, by using CC, the list can be edited at a later stage. For example, if the email conversation becomes irrelevant to part of the CC list, they can be removed from further replies and forwards.
  • BCC – this is used when an email needs to be sent to multiple, dissociated recipients. In short, to a list of people who would in general, not know or have access to the other email addresses. All email addresses on the BCC list are invisible to everyone but the sender.
  • CC + BCC – typically, a combination of CC and BCC would be used for an email that is sent both internally (CC) and externally (BCC). Thereby protecting the identity of the BCC list.

Why Do Email Data Breaches Happen?

How can a failure to use blind carbon copy on email data breach claim come about? Well, there are a number of root causes that could cause a BCC email data breach. Let’s look at them below.

  • Environment – here we are not necessarily talking about the actual work environment, but more the technological environment. For example, if the company has not enforced a group policy that ensures that both the CC and BCC fields are always visible when writing and sending emails. This is done as part of the fixed software configuration for the standardised company desktop.
  • Lack of awareness – probably the most common form of email data breach. Staff sending emails that simply don’t know what CC and BCC are.

How To Prevent The Failure To Use Blind Carbon Copy On Email

Some advice on how to prevent a failure to use blind carbon copy on email data breach claims is to train staff in proper usage of CC and BCC. These types of email breaches are often caused by human error. And here are a few tips on how to overcome this.

  • Ensure that staff are knowledgeable about their own responsibilities for protecting data under UK GDPR.
  • Train staff to understand what the difference is between CC and BCC, and to know when to use them.
  • Ensure that staff know to show both the CC and BCC fields when an email is being written.
  • Ensure that staff know what the internal reporting process is if they do accidentally cause an email data breach.

How To Sue If You Were Affected By A Blind Carbon Copy Email Data Breach

If you believe that you have a valid failure to use blind carbon copy on email data breach claim, we can help you. You can follow the three steps below to find out if your claim is valid, and to start a claim if it is.

  1. Call our claims team using the contact information at the end of the page. They are available 24 hours a day, 7 days a week. They will answer any questions you have, and provide you with critical information. For example, what the claims deadline will be.
  2. An expert advisor will evaluate your claim for you. They will let you know whether it is potentially valid or not. If it is, they will talk you through our claims process.
  3. One of our experienced team of data breach claim lawyers will begin processing your claim for you. In all likelihood, you won’t have to pay anything upfront to start the claim. As we will offer to work under a No Win No Fee agreement.

Data Breach Reporting

There are a couple of voluntary steps you can take prior to making a failure to use blind carbon copy on email data breach claim. Firstly, you can contact the data controller to find out if a data breach has happened. And if it has, how badly your data was affected. Secondly, you can report the data breach to the ICO. However, the ICO will usually only follow up on a report if your last meaningful contact with the data controller was in the last 3 months.

Non-Material And Material Damages

If you win your failure to use blind carbon copy on email data breach claim, you will be able to seek damages for two main reasons. The first is for monetary loss (material damages). This could be money you lost because of your data being exploited in some way. Or it could be money you had to pay out as a direct cost during the claims process. For example, telephone charges, postage or photocopying.

The second is for mental harm caused by trauma and stress (non-material damages). You don’t have to have suffered a financial loss to claim for non-material damages though. The Court of Appeal heard a case back in 2015, Vidal-Hall and others v Google Inc, that set a precedent. The claimants were successful and won compensation for mental harm, but had not incurred any monetary loss. Because of this precedent, you can potentially do the same.

Calculating Failure To Use Blind Carbon Copy On Email Data Breach Claims

Working out an average compensation amount for a successful data breach claim is impossible. As each claim has its own unique aspects. Instead, you can use the table below to work out which compensation category you might fall into. We used the guidelines that are produced by the Judicial College to make this table. Another option, is to try using our online compensation calculator to get a rough estimate of the value of your claim.

Level of HarmPsychiatric IssueLikely DamagesMore Data
SevereMentalharm£51,460 - £108,620An overall bracket of damages that covers severe psychological conditions. In all likelihood, this will have been the result of exposure to severe or repeated mental trauma. The symptoms that are manifested will have a harsh negative impact on your life quality. Additionally, even once treatment and therapy are complete, there will likely be some ongoing mental health problems.
Moderately severeMentalharm£17,900 - £51,460An overall bracket of damages that covers moderately severe psychological conditions. In all likelihood, this will have been the result of exposure to significant mental trauma. The symptoms that are manifested will have a measurable negative impact on your life quality. Additionally, even once treatment and therapy are complete, there could well be some ongoing, yet diminished mental health issues.
Less severeMentalharmUp to £5,500An overall bracket of damages that covers less severe psychological conditions. In all likelihood, this will have been the result of exposure to shocking or mildly traumatic events. The symptoms that are manifested will have a minor negative impact on your life quality. However, once treatment and therapy are complete, you should make a full recovery.

No Win No Fee Failure To Use Blind Carbon Copy On Email Data Breach Claims

You could be able to use a No WIn No fee solicitor to make a failure to use blind carbon copy on email data breach claim. You would not pay your solicitor a fee upfront at the start of the claim, nor whilst it is being processed. If the claim fails, you still don’t pay the solicitor a fee. If it is won, a modest success fee may be due, that is legally capped. It can be collected from the settlement the lawyer was sent for you.

Get In Touch With Our Data Breach Team

Do you need some legal help to make a failure to use blind carbon copy on email data breach claim? Or perhaps some additional answers to questions? Then use the contact information to reach out to our team, any time of the day or night.

Telephone: 0800 073 8804

Use our webchat or fill in a contact request.

Learn More

Here are some useful external links.

Understanding Secure Email

Email Marketing Guidelines From The ICO

What Is SPAM Email?

Here are some links to more of our data breach guides.

Employer Data Breach Claims

Claiming For Post-Traumatic Stress Disorder

How To Claim For A Social Services Data Breach

Email Data Protection FAQs

Here are some short, simple answers to common email data breach claim questions.

What is a CC instead of a BCC mistake in GDPR?

This happens when your email address is exposed as a CC recipient when you should have been a BCC recipient.

Is revealing my email address a breach of GDPR?

Yes, your email address is considered to be personal data and cannot be shared unless there is a lawful basis.

Are emails covered under the UK GDPR?

Any personal information collected by a data controller is covered by the GDPR

Can you claim compensation for a data protection breach?

Can you make a failure to use blind carbon copy on email data breach claim? To hold a valid data breach claim you must be able to establish how the defendant failed to protect your data.

Other Useful Compensation Guides

Guide By Wheeler

Edited By Goldasz

    Contact Us

    Fill in your details below for a free callback

    Name :
    Email :
    Phone :
    Services :
    Time to call :

    Latest News