Having heard the news about the mistake at EQC resulting in claim details being sent to external parties (and one that has it in for EQC at that), our senior management have started to question whether we would be at risk here (as they had heard it was a 'system issue'). In this instance EQC are blaming Outlook's autocorrect functionality for the mistake.
Please see http://www.nbr.co.nz/article/privacy-commissioner-thinks-about-writing-letter-eqc-admits-breach-affected-83000-ck-137700 for a source if you are unfamiliar.
I was keen to hear others take on the whole situation. I know that auto-correct is absolutely loved by our staff here, many of whom are not massively literate computer users, so they appreciate the time savings it provides them.
Of course, human mistakes are always going to happen, I'd suggest the EQC case was a rather unfortunate one. Disabling email auto-correct as a whole seems somewhat knee-jerk to me though. Taking a step back I think emailing large documents arounds the office (for purely internal use even) was perhaps the bigger issue.
I've suggested we implement a policy of only ever sending references into our document management system around, that way if there is a mistake and something is sent to an external party, they will not be able to access the document, and really it's no harder for our staff (not to mention the other benefits - avoiding large attachments, duplicating data, etc). This generally happens now anyway, but I think it is perhaps a good time to formalise it a bit more.
Of course, always being vigilant about who you are sending to, and what you are sending them, is important!
Thoughts?
Trusted
Microsoft NZ
