ADVERTISEMENT
Manila Bulletin devider Technews devider NPC warns email 'cc' misuse risks data breach

NPC warns email 'cc' misuse risks data breach

Increased incidents linked to 'cc' errors since 2021 prompt call for better email practices; BCC feature and training highlighted as preventative measures

Published Aug 7, 2023 04:22 am

At A Glance

  • The NPC has identified a significant increase in security incidents since 2021, primarily due to human errors associated with misusing the "cc" feature in emails. This misuse jeopardizes the privacy and security of email recipients.
  • Utilizing the "cc" function inappropriately can lead to accidental disclosure of personal information, potential spam, phishing attempts, and even targeted attacks. It may also result in unauthorized access to sensitive and confidential data within the email body or attachments.
  • Mistreating personal information by incorrectly using the "cc" function might sometimes be considered unnecessary or disproportionate, potentially violating general data privacy principles per the Data Privacy Act (DPA).
  • The Commission suggests using the blind carbon copy (bcc) feature as a more secure alternative to "cc." It further underscores several email best practices, including reviewing email recipients, using "bcc" for bulk emails, safeguarding sensitive content, and regularly training staff on these measures.
  • The Government and Private Sectors should recognize that neglecting to follow data protection protocols can result in penalties under the DPA and specific NPC directives.<br> 

The National Privacy Commission (NPC) has recently brought attention to the dangers of misusing the carbon copy (cc) feature in email communications.

Since 2021, the NPC has noted a rise in security incidents tied to human errors related to the "cc" function. Such errors often lead to unintentional data exposure, compromising the privacy and security of those involved.

Key risks associated with the "cc" function include:

• The "cc" function displays the email addresses of all recipients to every recipient. This may result in unintentional disclosure of personal information, leading to spam, phishing attempts, or targeted attacks.

• Inappropriately using "cc" may give unauthorized persons access to personal and sensitive personal information, confidential information, and restricted information that may be contained in the email body or its attachments, resulting in a breach of confidentiality, data sharing, and other applicable non-disclosure agreements.

• Mishandling personal information by using the "cc" function, under certain circumstances, may be unnecessary or not proportional to the purpose, which can be regarded as a violation of the general data privacy principles in the DPA.

As a safer alternative, the NPC suggests considering the blind carbon copy (bcc) feature, which hides recipient email addresses from one another, thus minimizing the risk of accidental data exposure.

The Commission further recommends several best practices for email communication:

1. Thoroughly review email recipients and ensure those listed under "cc" are necessary.

2. For mass emails or announcements, use "bcc" to keep recipient addresses concealed.

3. Be cautious of the sensitive information contained in emails and attachments. Employ additional protective measures like encryption, password protection, or secure file-sharing platforms.

4. Regularly train employees to adopt these recommended email practices.

The NPC emphasizes that both Government and Private Sectors should be aware that non-compliance with data protection protocols may result in penalties as per the DPA and relevant NPC directives.

For additional information and resources on data privacy, the public is encouraged to visit the NPC's official website at www.privacy.gov.ph.

ADVERTISEMENT
.most-popular .layout-ratio{ padding-bottom: 79.13%; } @media (min-width: 768px) and (max-width: 1024px) { .widget-title { font-size: 15px !important; } }

{{ articles_filter_1561_widget.title }}

{{ item.title }}
.most-popular .layout-ratio{ padding-bottom: 79.13%; } @media (min-width: 768px) and (max-width: 1024px) { .widget-title { font-size: 15px !important; } }

{{ articles_filter_1562_widget.title }}

{{ item.title }}
.most-popular .layout-ratio{ padding-bottom: 79.13%; } @media (min-width: 768px) and (max-width: 1024px) { .widget-title { font-size: 15px !important; } }

{{ articles_filter_1563_widget.title }}

{{ item.title }}

{{ articles_filter_1564_widget.title }}

{{ item.title }}
.mb-article-details { position: relative; } .mb-article-details .article-body-preview, .mb-article-details .article-body-summary{ font-size: 17px; line-height: 30px; font-family: "Libre Caslon Text", serif; color: #000; } .mb-article-details .article-body-preview iframe , .mb-article-details .article-body-summary iframe{ width: 100%; margin: auto; } .read-more-background { background: linear-gradient(180deg, color(display-p3 1.000 1.000 1.000 / 0) 13.75%, color(display-p3 1.000 1.000 1.000 / 0.8) 30.79%, color(display-p3 1.000 1.000 1.000) 72.5%); position: absolute; height: 200px; width: 100%; bottom: 0; display: flex; justify-content: center; align-items: center; padding: 0; } .read-more-background a{ color: #000; } .read-more-btn { padding: 17px 45px; font-family: Inter; font-weight: 700; font-size: 18px; line-height: 16px; text-align: center; vertical-align: middle; border: 1px solid black; background-color: white; } .hidden { display: none; }
function initializeAllSwipers() { // Get all hidden inputs with cms_article_id document.querySelectorAll('[id^="cms_article_id_"]').forEach(function (input) { const cmsArticleId = input.value; const articleSelector = '#article-' + cmsArticleId + ' .body_images'; const swiperElement = document.querySelector(articleSelector); if (swiperElement && !swiperElement.classList.contains('swiper-initialized')) { new Swiper(articleSelector, { loop: true, pagination: false, navigation: { nextEl: '#article-' + cmsArticleId + ' .swiper-button-next', prevEl: '#article-' + cmsArticleId + ' .swiper-button-prev', }, }); } }); } setTimeout(initializeAllSwipers, 3000); const intersectionObserver = new IntersectionObserver( (entries) => { entries.forEach((entry) => { if (entry.isIntersecting) { const newUrl = entry.target.getAttribute("data-url"); if (newUrl) { history.pushState(null, null, newUrl); let article = entry.target; // Extract metadata const author = article.querySelector('.author-section').textContent.replace('By', '').trim(); const section = article.querySelector('.section-info ').textContent.replace(' ', ' '); const title = article.querySelector('.article-title h1').textContent; // Parse URL for Chartbeat path format const parsedUrl = new URL(newUrl, window.location.origin); const cleanUrl = parsedUrl.host + parsedUrl.pathname; // Update Chartbeat configuration if (typeof window._sf_async_config !== 'undefined') { window._sf_async_config.path = cleanUrl; window._sf_async_config.sections = section; window._sf_async_config.authors = author; } // Track virtual page view with Chartbeat if (typeof pSUPERFLY !== 'undefined' && typeof pSUPERFLY.virtualPage === 'function') { try { pSUPERFLY.virtualPage({ path: cleanUrl, title: title, sections: section, authors: author }); } catch (error) { console.error('ping error', error); } } // Optional: Update document title if (title && title !== document.title) { document.title = title; } } } }); }, { threshold: 0.1 } ); function showArticleBody(button) { const article = button.closest("article"); const summary = article.querySelector(".article-body-summary"); const body = article.querySelector(".article-body-preview"); const readMoreSection = article.querySelector(".read-more-background"); // Hide summary and read-more section summary.style.display = "none"; readMoreSection.style.display = "none"; // Show the full article body body.classList.remove("hidden"); } document.addEventListener("DOMContentLoaded", () => { let loadCount = 0; // Track how many times articles are loaded const offset = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]; // Offset values const currentUrl = window.location.pathname.substring(1); let isLoading = false; // Prevent multiple calls if (!currentUrl) { console.log("Current URL is invalid."); return; } const sentinel = document.getElementById("load-more-sentinel"); if (!sentinel) { console.log("Sentinel element not found."); return; } function isSentinelVisible() { const rect = sentinel.getBoundingClientRect(); return ( rect.top < window.innerHeight && rect.bottom >= 0 ); } function onScroll() { if (isLoading) return; if (isSentinelVisible()) { if (loadCount >= offset.length) { console.log("Maximum load attempts reached."); window.removeEventListener("scroll", onScroll); return; } isLoading = true; const currentOffset = offset[loadCount]; window.loadMoreItems().then(() => { let article = document.querySelector('#widget_1690 > div:nth-last-of-type(2) article'); intersectionObserver.observe(article) loadCount++; }).catch(error => { console.error("Error loading more items:", error); }).finally(() => { isLoading = false; }); } } window.addEventListener("scroll", onScroll); });
Join Our Newsletters

Sign up by email to receive news.

© 2025 Manila Bulletin The Nation's Leading Newspaper. All Rights Reserved.