With much of the correspondence in each of our credit unions currently being electronically exchanged internally and externally with members and vendors, there is a potential for errors to be made.
Recently a credit union employee received an email from a vendor which was obviously unintended that included another financial institution’s sensitive customer information. The vendor contacted our employee upon realizing the error and requested the employee delete the email and followed up with an affidavit for the employee to sign indicating that none of the sensitive information sent in error would be maintained or used in any malicious way.
With Outlook prepopulating email addresses that were most recently used, it could easily lead to a situation at our credit union where an email could be inadvertently sent to an outside contact in error. If the email sender doesn’t realize that one of the email addresses prepopulated is not the intended internal recipient, but is actually an external member or vendor with the same or similar name/email address, the email could be sent that had sensitive information that was only meant for internal use.
We are in the process of reviewing policies and procedures and felt it would be a good time to determine if we needed to update our processes for emails, to include steps taken if an email was sent to the wrong recipient in error.
1) Does anyone handle an email error by following up with the erroneous recipient requesting they delete the email and also sign an affidavit of some kind?
2) What steps are taken for the credit union members that may have had information sent out within the email?
3) What repercussions are there for the employee who made the error?
We would like to have some steps in place to ensure that when/if this occurs we can be on top of mitigating the situation.
Thank you.
Kathie Harmon
Advancial