10 tips to prevent email errors

November 2025

It’s confession time. I recently copied the wrong person on an email. Same first name, different surname. It was easily resolved. But for someone in my line of work? Shameful. It’s like a chef putting ketchup on a pasta dish. Nonetheless, I decided to try my best to learn from the experience. Which got me thinking about two issues in particular:

a) Email errors are not just one of the major causes of personal data breaches, but also downright awkward even where there’s no personal data risk. They can lead to sharing commercially sensitive information, or opinions. Crucially, they can breach client trust.

b) What are the best ways of reducing instances of human error?

I know I’m not alone. Other data protection folk have admitted making the occasional mistake too. A good friend of mine once accidentally sent an email to a client – not a data breach but she did lose the client. I’ll also never forget receiving an email and finding myself reading a fellow colleague’s rather disparaging views about my team.

Of course, there are the frequent data breaches – both big and small. These are often caused by mistakes such as the wrong recipient, or use of the CC field for multiple recipients.

Yet, for many, it’s ‘just one of those things.’ Oops! Then the embarrassment fades… until next time. So is it really enough to keep reminding people to double check before sending? Won’t there always be times when we’re overworked, dashing to go on holiday, or distracted by personal issues?

People will continue to make mistakes. To err is human.

Is it good enough to rely on recall features? Probably not, as in practice they are often completely ineffective. So what else can we do?

10 email tips

Here are a few suggestions for reducing the risk:

1. Disable or restrict auto-fill
Yes auto-fill is a handy way to quickly go through our address book and predict who we want to email. Nonetheless, it sometimes chooses the wrong person… and we don’t notice. This is what got me. I’ve disabled this feature, and shouldn’t have had it enabled in the first place. I am now very content to spend a couple of seconds finding the right email address.

2. Avoid email altogether 
Encourage (or insist) that staff who need to share attachments, personal data or any other sensitive information use links to protected SharePoint folders/files rather than using email.

3. Attachments
Use software to prevent or restrict any email containing an attachment.

4. Detect personal data
If 3. is a a step too far, use software which automatically detects personal data in attachments or email content and prevents it being sent – or prompts people to check they really want to send.

5. External recipients
Implement user prompts for external email recipients – ‘are you sure you want to send this externally?’

6. Multiple recipients
Use controls which alert users if they’re emailing multiple recipients using the CC field and prompts them to use BCC. Alternatively for teams who routinely send emails using BCC, use an alternative bulk mail solution.

7. Delay on send
How often do you spot an error just after you’ve sent an email? Setting up a delay on send for your staff, gives people a chance to correct their mistakes.

8. ‘Reply to All’
Set an alert if people are replying to all – prompting them to check whether this is appropriate.

9. Revoke access after sending
Some more advanced email security solutions will give you the ability to recall or revoke access to an email and its attachments, even after it hits the recipients inbox.

10. Email review
Where teams are responsible for routinely sending sensitive information by email, and there is no alternative, have a review process so someone else checks before sending.

It’s worth checking what controls are available on your email system or looking at specific software. Some of the prompts mentioned above are available using Outlook’s MailTips.

Of course training, continually raising awareness and clear rules all play their part. Making sure your people know how you expect them to behave is crucial.

It also needs to be clear what action people should take after they’ve realised they’ve made a mistake. Are staff permitted to try and rectify this themselves, or does it always need to be immediately reported? This needs to be easily understood and reinforced in training and culture. This also means supervisors should lead by example.

I’m a fan of quick reference guides supporting more detailed policies and procedures. In this case, a ‘golden rules for emails’ on one page in plain English with the rules and clear steps for what to do when things go wrong. Laminate it, turn it into posters – do whatever works to get the message home.

Ultimately, mistakes are inevitable. What isn’t inevitable, though, is the impact mistakes have once the ‘send’ button’s been hit. Every little step taken to mitigate mistakes lessens the impact when one inevitably slips through the net. Most of us, after all, recognise the occasional mistake will occur. The problem is if they happen too often, it can undermining confidence in your people, your organisation and your brand.

As a data protection consultant since 2015, Philippa advises and supports a broad range of clients, and delivers data protection training. She also regularly writes GDPR guides to support data protection teams in their day-to-day work.

Copyright DPN
The information provided and opinions expressed in our content represent the views of the Data Protection Network and our contributors. They do not constitute legal advice.