The Dutch Data Protection Authority (Dutch DPA), which supervises the compliance with acts that regulate the use of personal data, was rather red-faced this week when it sent out a newsletter with all of the recipients in the Cc: field instead of the Bcc: field.

DPA's news letter goes out to 4000 subscribers. The DPA, which supervises the compliance with the Dutch Personal Data Protection Act and the Dutch Municipal Database Personal Records Act, was lucky that 'only' a thousand subscribers received the letter, but it managed to make the mistake twice. In a message it apologised for sending the first letter, again putting all recipients to the Cc list, so a second apology had to be sent.

The Dutch DPA advises the government, tests codes of conduct, studies technological developments, handles complaints, evaluates processing of personal data and, if necessary, takes enforcement action.

In 2002 Eli Lilly, one of the world’s leading pharmaceutical companies, got punished over its accidental release of subscribers’ email addresses to all those who receive as prozac.com email alert. The company had to pay a fine of $160,000, divided among the states of New York, Massachusetts, Connecticut, Idaho, Iowa, New Jersey, Vermont and California.

Related stories

SurfControl distributes email mailing list
Symantec spills email addresses of list subscribers
How secure is CA's security mailing list?