Bank of Valletta has risked falling foul of data privacy laws by using the CC function instead of the BCC function when sending out a secure message to several clients.
A spokesperson for the bank confirmed the incident with Lovin Malta and said they are looking into the matter.
Alex Dreyfus, CEO of a major Maltese blockchain company, lashed out at the bank on Twitter, warning this blunder will not help its European Central Bank review.
— Alexandre Dreyfus (@alex_dreyfus) December 16, 2019
Indeed, failing to use the BCC function when sending out an email to several clients is in breach of the EU’s GDPR data protection laws, as it qualifies as revealing people’s personal details without their prior consent.
Lovin Malta has asked the Information and Data Protection Commissioner whether it will be investigating this case.