Privacy Protection - Companies: Think Before You Click

At the end of August, 2015, a "Head Teacher" of one of the largest dispatch companies in Japan sent out a newsletter in which he pasted the e-mail address of every recipient into the "TO:" field instead of the "CC:" field, thus revealing the private e-mail addresses of everyone that the e-mail was intended for to everyone who received it.


This is a problem.


The General Union knows that mistakes happen and human indolence often leads to human error - as was evidently the case here. Someone decided to be lazy, and - in doing so - inadvertently encroached upon everyone's rights to privacy and data protection.

However, the General Union is still bringing this to light because - as stated - it IS a problem, and one that cannot be easily dismissed with a shrug and the lament of "well, mistakes happen".

Here is why it's an issue:


AN INDIVIDUAL PERSPECTIVE

While it is unlikely that everyone in that mailing list will use other people's emails for nefarious reasons, the potential is there if someone now wanted to do something like that - for example, selling those e-mails to spam-mail companies, signing them up for pornography, or using their e-mails as "burner addresses" to register with questionable websites so that the individual in this example would not have to use their own personal information instead.

Equally, it opens up the possibility that one member of that mailing list now has the information necessary to harass another member of that list with unsolicited attention, should they wish to do that.

You can use your own imagination to think of additional scenarios in which you wouldn't want someone to know your e-mail address without your permission.

So, there is the breech of personal information to consider, unwittingly or not.


A COMPANY PERSPECTIVE

For the company with whom the "Head Teacher" is associated, however, this seemingly minor mistake has bigger implications.

For one, it is another example that a company which is supposed to be taking the protection of your private information seriously... actually isn't doing that at all.

At some point, after all, the company in question has given the private e-mail addresses of everyone to the "Head Teacher" so that the "Head Teacher" can do their assignment of sending out newsletters in exchange for whatever bonus that the company is providing them for fulfilling their role (keeping in mind that a "Head Teacher" is little more than an ALT who receives a slightly higher salary for shouldering some of the administrative burden).

Yet, the fact that the "Head Teacher" has access to this information at all is a clear example of how the company has given private information to someone who - while requiring it - has no right to access that information. Again, the "Head Teacher" is not a member of the administrative office staff - they are just ALTs with slightly more responsibility.

At which point did anyone consent to allowing the "Head Teacher" to have access to that information? Moreover, why isn't there a means in place which allows a "Head Teacher" to mail to an anonymous group, rather than to individuals, when that system exists and is used by companies all over the country.

Why is there no vetting system in place so the branch staff can check the e-mails before they go out, instead of just handing the work off to someone else and forgetting about it?


TRUST: THE CRUX OF THE ISSUE

This arguable lack of care in regards to the safety of personal information is one of the reasons why people don't trust companies when they attempt to do things that they (the company) believe is in the interests of their employees.

For example, you may remember when the General Union reported that Interac had - without asking permission - given private e-mail addresses away to a third-party company as part of a emergency contact system ("INTERAC JUST GAVE AWAY YOUR E-MAIL ADDRESS" - http://tinyurl.com/qceyq7r).

While some people did see the altruistic value of such a system, the majority of people were outraged that the company had taken it upon itself to do as it saw fit with confidential information.

Why did people immediately assume that there was something more odious at work behind the scenes? Because a history of blasé attitudes towards privacy rights (and rights in general) breeds that kind of suspicion. You don't need a master's degree in business to understand that negative actions are viewed negatively.

Furthermore, violating someone's rights in order to do something altruistic does not make that violation okay - especially if the individual who's rights are being breeched never wanted that thing in the first place. Companies don't get to decide how and when they can disregard rights just because they might be doing something that they believe is "good" or "right". The road to Hell is, as they say, paved with good intentions.

Aside from the lack of trust that these kinds of events sow, there is also the subject of public relations to consider.

These kinds of mistakes, however small, damage a company's public image - especially when that image is (questionably) not great to begin with.

As stated, it was a small mistaken that can easily be attributed to negligence or a lack of competency with technology, but - given that the relationship between the person making the mistake and the people suffering from the mistake is a professional one, due to the professional relationship between the offender and the company - it is one mistake too many. The damage is done.


CONCLUSION

Be that as it may, in this instance, the General Union is not out to punish anyone or get anyone in trouble. The likelihood is that - beyond the concern that has once again been raised with us about this issue - the branch's management will never even be aware that there was an issue to begin with, and everything will be forgotten until the next time someone has their private information given away, and the next time after that, and after that...

Thus, the point of this article is as follows: the General Union implores all companies and organizations to take the protection of their employees' private information seriously - especially if they are just as serious about their image and reputation. To care about an employees' rights is to show respect to that employee, and respect goes a long way.

Additionally, the General Union urges people - members and non-members alike - to be mindful of these kinds of breeches of privacy, and to raise the issue if and when they occur. Ignoring privacy issues like these gives companies the confidence to push the envelope further and further to see what they can get away with before someone cries foul and they have to back it off just a little until things have calmed down again.

Companies should never have the confidence to see how long they can trample on someone's rights until they're caught. There should never be an attitude of "well, it's not a crime if I don't get caught" in place.

Neither you nor the General Union should have to keep companies in check - but we DO have to, and it is a community effort.

We can only fight what we know about, and we can only shout in one voice to get the message across. With your help, let's make that voice LOUD.



If you're concerned about breeches of privacy or have a complaint about how your company has given away personal information without your consent, contact the General Union at:

union(@)generalunion.org



Do you know of any other instances where private information was given away? Did it happen to you? Talk about it on our official Facebook page at:

http://www.facebook.com/GeneralUnionJapan




footer ffooter hfooter mfooter s

Additional information