While it might seem normal to contact people through mailing lists, there are a number of points you should consider:
- Does the individual reasonably expect to be on a mailing list and be contacted?
- Will the purpose for future communications be related to the original purpose for creating the list?
- Can the individuals remove themselves from the mailing list easily?
When in doubt, you should always ensure you have obtained the consent of the individual through an "opt-in" checkbox to receive further information.
One example is events involving external registrants. While it might be reasonable to expect communication after registering for an event, that expectation only continues up to the time the event has taken place. Subsequent communications should only be made with the consent of the individual, which should be gathered at the time of registration. An option to subsequently opt out should be presented in future communications with the individuals.
Another example might be team or collaboration mailing lists. It is a reasonable expectation that communications will be made to the individuals during the time of the project, but at the end of the project the individuals should agree, by an "opt-in" mechanism, to continuing communications if they wish to receive them. An option to subsequently opt out should be presented in future communications with the individuals.
When sending an e-mail you might be tempted to put multiple recipients in the TO: list. In many situations this is normal (for example, contacting specific colleagues). However, assuming there is a justifiable reason for sending the mail, you should not, in general, reveal the list of names to everyone, as this exposes personal information in a public manner and may negatively impact the expectation of privacy.
To avoid this, you should use the BCC (Blind Carbon Copy) mechanism of e-mail clients, not TO: or CC:, to send to a list of recipients, so that no recipient can see who else has received the message.
Creating lists of people based on specific personal data, e.g. nationality, is processing of personal data, and it can lead to profiling groups of people unintentionally.
Creating lists should be done for clear, identifiable and justifiable purposes. The best way to manage lists is through "self registration", allowing people to add or delete themselves.
Dynamic lists should be treated with extreme care, as their contents can be used to profile segments of the population, so make sure that access to the members of the list is well protected.
In most situations you should not transfer the list outside CERN to other organisations or persons.
E-mail necessarily generates multiple copies in multiple locations and a number of people have access to e-mail systems. Preferred mechanisms would allow controlled access to the personal data and the possibility of deletion when the purpose of processing has expired.
- The use of e-mail for communicating personal data is to be avoided wherever possible.
- If e-mail is justified, attachments containing personal data should always be encrypted.
- Secure collaboration workspaces are the preferred mechanism.