The Information Commissioner’s Office has published new guidance on email security, with emphasis on safety when sending to multiple recipients which is relevant for pension schemes when emailing their membership.
The principal points include:
- Awareness that showing which people receive an email could disclose sensitive or confidential information about them.
- How to assess what technical and organisational security measures are appropriate to protect personal information when sending bulk emails.
- Giving pointers for training staff about security measures when sending bulk communications by email.
- Considering whether using secure methods, such as bulk email services or mail merge services, is more appropriate, rather than just relying on a process that uses the BCC function. This helps ensure that personal information is not shared with other people by mistake.
- If an email is to be sent to a small number of recipients, consideration should be given to sending each message separately, rather than one bulk email.
As regards pension schemes, administrators should remember that whether information is sensitive can depend on the context and consideration should be given to the impact a breach could have on members. For example, financial information or information that might be used to commit ID fraud would be sensitive information for these purposes.