A new Winkworth Sherwood partner has come a cropper after failing to blind copy 600 contacts taken from his former firm in an email informing them of his move.
New employment partner Blair Adams, who joined from Wedlake Bell, managed to commit the apparent data breach on his first day in the job last Monday.
Adams emailed approximately 600 contacts to tell them he had moved firm. Unfortunately he put all of their names in the "To" field rather than the "Bcc" field, so they could all see each other's email addresses.
Several of the humourless contacts have filed complaints, according to a source.
"First email, sent!"
Wedlake Bell Managing Partner Martin Arnold was said to be "incandescent", not least because Blair's electronic file of clients was downloaded from Blair's Wedlake Bell account.
Both Winckworth Sherwood and Wedlake Bell have reported the breach to the ICO and are considering their duty to report Blair to the SRA, RollOnFriday understands.
Arnold told RollOnFriday, "We know that on Monday 1st July, an email was sent to various people by our former Partner Blair Adams from his Winckworth Sherwood email account. The matter is being dealt with appropriately".
"It is important to stress that Wedlake Bell had no knowledge that Blair Adams had taken any client contacts from his Outlook account before he left the firm", he added, "other than those where client consent had been received".
A spokesman for Winckworth Sherwood confirmed that “a new starter" at the firm "accidentally shared a limited number of email addresses by inadvertently using the ‘to’ field instead of the ‘bcc’ field when sending their new contact details".
"This was an isolated incident and the email addresses were the only data shared", he said. "On becoming aware of the issue we acted promptly to expunge the data from all devices and systems. We have self-reported the matter to the relevant regulatory authorities.”
Comments
Whoopsie!
If I received that email, I wouldn’t care one jot about others seeing my email address. What I would care about is the fact that he was idiot enough to think a mass email was an appropriate way to communicate with supposedly valued contacts. When I last moved roles I spent over 7 months managing and contacting my contacts list, and that list only had about 175 people on it. Quality not quantity dear boy.
Possibly also a criminal offence under the Data Protection Act 2018?
Anyone who raises a complaint about this kind of utterly harmless error is a total retard.
Dearie @ 08:51. Spot on. As an ex-inhouse lawyer I agree that the only way to properly inform contacts about a move (and to demonstrate you really care about and value the relationship) is to communicate directly with them one-to-one. Firms also need to be clear to new employees and partners about how they expect marketing/BD comms to be handled to ensure it protects the contacts' identities, doesn't breach GDPR, protects the firm's reputation, and demonstrates that the individuals and firm know how to respect client/contact information.
I can think of many of my Partners who would probably make the same mistake, put in the same position.
Many of them would probably require assistance in starting Outlook in the first place, and a goodly number would need detailed instructions on finding the address book, let alone exporting it.
Loving the picture, ROF. Good work.
I find it embarrassing that people bother to get upset about ridiculous shit like this. Show what a boring and fake industry this is...
Is this minor whoopsie even mildly embarrassing? Who cares? Of course he's going to inform his contacts. The attitude of the previous firm is positively Stalinist. More "issues" for the GDPR idiot-nerds to salivate over.
Data protection is the new 'ealth and safety.
Surely the bigger concern is any non-dealing clauses/restrictive covenants he had in his previous contract with Wedlake Bell?
He's got problems: https://www.lawgazette.co.uk/practice/paralegal-barred-by-sra-for-taking-client-information/5048537.article
@Anonymous 13:09
Precisely. The issue is not the failure to use blind copy; it is taking contacts from his old employer. This could be criminal offence.
@Anonymous 13:09, @Anonymous @13:38
He only has problems if the SRA actually go after a senior lawyer for this. They seem to prefer hitting the soft targets.
Anon at 14.46: absolutely. He has committed an offence that's a given but whether anything will (and should) be done about it is something entirely different.
Anyone who gets upset about this is a complete bell-end and should reassess their life priorities.
Everyone has made a similar mistake at one point or another. Of course, there are GDPR implications and it's unfortunate and a bit stupid, but it's easily done and but nobody died. Perspective and common sense should prevail here.
It is important to stress that Wedlake Bell had no knowledge that Blair Adams had taken any client contacts from his Outlook account before he left the firm", he added, "other than those where client consent had been received".
And, of course, at no point in interviews did they ask the question, "What's your following, mate?".
@ Anonymous 16 July 19 10:31
"it's easily done" - You mean downloading hundreds of contacts from your old employer?
"nobody died" - Have you thought of becoming a defence lawyer? I can imagine the Magistrate being totally blown away by that argument in relation to a prosecution under s.170.