June 5, 2020

June 04, 2020

Subscribe to Latest Legal News and Analysis

June 03, 2020

Subscribe to Latest Legal News and Analysis

June 02, 2020

Subscribe to Latest Legal News and Analysis

City of LA Email Blunder Exposes COVID-19 Test Results to All Recipients

Although email seems to be the preferred method of communication during the coronavirus pandemic, an error made by a City of Los Angeles employee is one to learn from and avoid repeat.

Unfortunately, when emailing COVID-19 results to multiple individuals, instead of blind copying the recipients with the results, a staff member from the City of Los Angeles typed the full email of the recipients in the To column, instead of in the Bcc column, so all of the recipients could see each others’ full email addresses and who received the test results from the City. Obviously, it is pretty easy to find out the identity of individuals when you have their email addresses, so all of the recipients potentially found out each other’s results.

The good news is that the mass email was informing all of the recipients of the email of a negative COVID-19 test. One can only imagine how distressing it would have been if the email was informing the recipients of a positive COVID-19 test result.

The lesson learned here is an old one, but an important one—verifying the recipients of any email and whether they should be in the To, the Cc or the Bcc column, and checking and re-checking that they are in the correct column is an important cyber hygiene measure to take to protect individuals’ privacy.

Copyright © 2020 Robinson & Cole LLP. All rights reserved.


About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...