undefined | Better HN

0 pointsraxxorrax6y ago0 comments

Auto-completing e-mail adresses is a GDPR violation? Because you could iterate them and see all the contacts? Seriously?

0 comments

richthegeek6y ago

Any exposure, intentional or accidental, of PII to a non-authorised person is a GDPR violation. An email address is PII as it's unique to that person.

Consider the Ashley Madison breach - there were websites that let you search for an email address and see if it was included. Even without the name or address of the person it was sufficient PII to cause damages (however 'deserved').

raxxorraxOP6y ago

On public websites I would agree, but all our mail clients have auto-completion. So would we need to turn that off? Would probably disable half the company.

I don't know who Ashley Madison is but that sounds far beyond sensible protection. Given, auto-completion is restricted to employees plus some locally saved contacts. It is just the standard outlook-exchange setup.

unionpivo6y ago

You can set up what (groups) autocomplete as a admin on both outlook and g suite (probably other providers).

Otherwise it's only people you have been in contact with.

moksly6y ago

No, but sending all that personal information to the wrong person is, and it’s the most common GDPR violation in my country.

j / k navigate · click thread line to collapse