As someone who has been using email for over 30 years, you’d expect that I might learn the pitfalls that expose themselves to email users all the time. Things like the dreaded “Reply All” syndrome, when you attempt to send a cute reply to someone and end up by sharing the cuteness with everyone who was copied on the original message. Invariably this results in the message being delivered to hundreds of people, many of whom are totally underwhelmed by the content of the message and some who might wonder whether I ever spend any time doing anything productive. Such is life.
Last week I committed a cardinal sin by BCC’ing someone on a message that I sent to a confidential distribution list. BCC isn’t a bad thing as such. Like CC, its name evokes memories of carbon paper being slipped between sheets of paper so that a typewriter can create multiple copies of important letters. And used properly, BCC is an excellent way of making sure that the recipient hears about information that they need to know without exposing them as a recipient. But when you make some a BCC recipient, they can reply all themselves and that’s when a world of pain can sometimes be exposed.
Of course, my stupidity in addressing this particular person through BCC was swiftly rewarded when that person sent a note to the other recipients. The facts that the distribution list was discussing confidential information and that they were not a member of the list were blissfully ignored. All that mattered (in their mind) was that my BCC recipient could reach out and communicate their thoughts to the list, whether or not the members of the list wished to be communicated with – but that’s another matter.
You can imagine my horror when I received a copy of the note sent to the list from my BCC recipient. I was exposed as someone who had committed a bad thing by exposing the existence of the list. Fortunately, the original note didn’t contain anything confidential such as new product information, availability dates, problems with code, or anything like that (and if I had revealed such information, I would have expected some consequences from the owners of the list such as being expelled from the list). But that doesn’t matter. What does is that I screwed up and did so very publicly. And although I was incandescent with passing rage because of the rank stupidity of my BCC recipient the blame remained solely mine.
I’ve learned a lesson from this experience. I’ll think more carefully before I use BCC in the future. And I will think about whom I share information with and the guidance that I give to people when I do share information. The thought strikes me that some of my correspondents might well benefit from a label in 32 point bold and underline text saying “Confidential – DO NOT FORWARD OR ATTEMPT TO COMMUNICATE WITH THE PEOPLE WHO RECEIVED THE ORIGINAL MEMO”.
But then again, even products such as Active Directory Rights Management Services working in conjunction with Exchange 2010 and Outlook 2010 couldn’t give me the kind of protection that’s required from stupidity on the part of a recipient who isn’t part of the same infrastructure. It therefore falls back to the human being to protect themselves against the actions of others. Hasn’t it always been that way?