Privacy Peril: Tennessee Two Step

May 13, 2022
Firm Publication

This Privacy Tip stands at the intersection of communication privacy, client confidentiality and email etiquette.

If you BCC someone on an email, can any of the direct or CC-d recipients determine who were the BCC recipients? No, though the sender obviously can view the BCC recipients from the “Sent” copy.

Further, can a direct or CC-d email recipient with technical skills somehow “reverse-engineer” an email and discover the BCC recipients? Again, no.

Technically, you can therefore safely blind copy anyone on an email. Should you? No, you should not.

We are all too aware of the dangers of “Reply All” emails, particularly iPhone users. So what happens if your BCC-d client “Replies All” to the email you just sent? All the original recipients could receive what your client erroneously assumes is a privileged and confidential communication. Privacy, confidentiality and warm client relations are out the electronic door.

Best practice? Do the “Tennessee Two Step.” Send your email only to the direct intended recipients. Then either forward a copy of that email to your client or attach it to a newly-created email. Someday you’ll be glad you did.

Check out our series, Privacy Perils, to learn what steps you can take to guard your personal and company data. For more information about this topic and other cyber security concerns, please contact Bob Brewer, Tony McFarland, Elizabeth Warren or a member of our Privacy & Data Security team.