I received a curious email today - an internal correspondence between a manager and some employees of a large Israeli travel agency, discussing a problem with billing some clients - including a screenshot from the internal ordering system, with the full details of a couple of credit cards, expiration dates, CVC numbers, personal details, etc. After the initial surprise, I guessed it was a typo error when filling the To: field in an email, and my name was autocompleted by mistake. I dealt with this agency once, about three (!) years ago, and so apparently was in the contacts list of the manager.
I responded with a somewhat cynical response informing about the mistake, and hoping that such a serious company would be more careful with my financial details as a customer. I received a quick response with an apology and an assurance my details are "out of reach of the systems' users". Oh, and the response began with - "Honorable DR,"...
Besides the humorous aspect, and the personal mistake made by the sender, such mistakes are inevitable, and are symptoms of a problem with the system, not the user. People will always make mistakes, and current email apps and their contact autocompletion are designed so that it is very easy to enter the wrong recipient - and hard to notice the error, especially when two people may have the same or similar names. Thus it is quite easy to send some personal or sensitive internal communication to the outside world - and it's a mistake that might be impossible to undo. And in the specific case described above - I wonder why my email would even be in the autocompletion list, after a short communication three years ago?
Some solutions exist, but aren't sufficient or widespread at the moment.
One is to completely separate internal and external networks - to reduce the chance of an information leak. This is used in security-related organizations, but is very difficult to justify in most situations as internet access is critical in today's workspace. And it still does not prevent sending an email to the wrong person in the organization (I remember quite a few such cases from my own service, ranging from highly classified information to very intimate conversations being misdirected).
A much more productive direction is for the system to give the sender a lot more information about the intended recipient, making spotting a mistake very easy at a glance - a thumbnail picture (like when sending a message in Facebook, also possible for internal organizational users), his/her role or company name, and perhaps an infographic of how frequently you communicate with that person.
I don't remember at the moment, but I read of some start-ups who have a product that enriches the email interface with lots of useful information about the recipients. And there's a Google Labs experiment called "Got the wrong Bob?" that tries to warn you if you choose a wrong recipient based on your usage patterns.
If you know of any existing solutions for this being employed, or have similar stories - you are welcome to share...
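A sketch of the kind of pre-send check discussed above, as an added example that is not part of the original post or of any product it mentions: it flags recipients who are outside the organisation, have not been written to for a long time, or share a display name with a more frequently used contact. The domain, threshold and contact history are constructed for illustration.

```python
from datetime import date
from email.utils import parseaddr

INTERNAL_DOMAIN = "agency.example"   # assumed organisation domain
STALE_AFTER_DAYS = 365               # assumed threshold for a "cold" contact

# Constructed sample history: address -> (display name, last contact, messages sent)
HISTORY = {
    "dana.levi@agency.example": ("Dana Levi", date(2011, 5, 2), 240),
    "dana.levi@customer.example": ("Dana Levi", date(2008, 4, 17), 2),
    "billing@agency.example": ("Billing Team", date(2011, 5, 9), 85),
}

def review_recipients(recipients, history, today,
                      internal_domain=INTERNAL_DOMAIN, stale_days=STALE_AFTER_DAYS):
    """Return {address: [warnings]} for recipients that deserve a second look."""
    findings = {}
    for raw in recipients:
        _, addr = parseaddr(raw)
        addr = addr.lower()
        warnings = []
        # Mail about to leave the organisation.
        if addr.rpartition("@")[2] != internal_domain:
            warnings.append("external")
        known = history.get(addr)
        if known is None:
            warnings.append("never-contacted")
        else:
            known_name, last_seen, sent = known
            # A contact that autocomplete still offers long after the last exchange.
            if (today - last_seen).days > stale_days:
                warnings.append("stale")
            # Same display name on a different, more frequently used address:
            # the likely intended recipient of an autocomplete slip.
            for other, (other_name, _, other_sent) in history.items():
                if (other != addr and other_name.lower() == known_name.lower()
                        and other_sent > sent):
                    warnings.append("namesake:" + other)
        if warnings:
            findings[addr] = warnings
    return findings
```

A mail client or outbound gateway could show these warnings next to the To: field, or hold the message until the sender confirms.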
Well, I could think of many solutions, such as not taking screenshots if what you need is internal communication. Instead, that billing/CRM system needs a "Send Mail" button, that sends the details in an internal correspondence. This system will be blocked by the organization mail server from sending mail to the world.
There are DRM solutions that are trying to deal with screenshots and other data leakage as well.
GMail has a lab feature that tries to deal with that - it is called: "Got the wrong Bob?". Also, the lab feature that enables you to undo sent mail can be useful if you realise you have just made a mistake but already pressed send.
However, I agree that it is not the best solution and it is still easy to get confused. I would expect something more similar to the one you suggested.
Funny, I mentioned the "Got the wrong Bob?" feature in the last paragraph of the post...
I've actually set the Gmail Labs "undo" feature for the longest possible 20 seconds, and have used it a few times. I would even prefer if I could undo in this 20-sec window after leaving the original window.
Sorry... I probably skipped the last paragraph when I read the post.