Hastings Borough Council data breach on eve of new rules

The new EU law comes into force on Friday Image copyright Getty Images
Image caption The new EU law comes into force on Friday

On the eve of strict new data regulations being introduced a council email about the changes accidentally revealed people's personal data.

Hastings Borough Council's culture team sent out correspondence about the General Data Protection Regulation (GDPR), which comes in on Friday.

It provides Europeans with new data protection rights.

The authority has apologised after revealing the email addresses of all recipients to each other.

On Twitter John Pratty said: "Our Borough Council just sent out their GDPR email for arts list people asking for a simple opt-in or opt-out email reply.

"Unfortunately they CCd everyone. Yes, everyone. Want to buy a good arts contact list? #GDPRday"

'Negative consequences'

A spokesman for the East Sussex council said: "This was human error, an apology was immediately sent out afterwards. Our most sincere apologies."

The member of staff did not blind copy (Bcc) in all contacts, which would have ensured the email addressed were not revealed.

A follow-up email asked to reply and then delete the previous correspondence.

Had the email been sent on Friday, it would have constituted a breach of personal data.

Under the new rules businesses must report any data breaches to the Information Commissioner's Office within 72 hours if they have "potential negative consequences for individuals".

More on this story

Related Internet links

The BBC is not responsible for the content of external Internet sites