Overview
Accidentally sharing sensitive data can happen to anyone, but quick and appropriate action is essential to minimize risks to Ernst & Young (EY), our clients, and colleagues. Sensitive data includes confidential client information, employee personal data, financial records, and any information classified as Confidential or Restricted.
If you believe you’ve shared sensitive information in error—whether by email, messaging, file sharing, or verbal communication—follow these steps immediately to help contain the situation and prevent potential data breaches.
Step 1: Stay Calm and Act Quickly
Do not panic. Taking quick, calm, and deliberate action can greatly reduce the potential impact.
Step 2: Identify What Was Shared and How
- Determine exactly what data was shared. Was it client information, employee personal data, financial details, or other confidential information?
- Identify the method: email, instant message, shared folder, printed document, or verbal communication.
- Note who received the information—was it internal only or shared externally?
- If it was shared electronically, try to find timestamps, recipient addresses, and delivery confirmation.
Step 3: Immediately Inform Your Manager
- Notify your direct manager or supervisor about the incident without delay.
- Provide all relevant details about the data shared and the recipients.
Step 4: Report the Incident to the EY Security Team
- Use the EY Security Incident Reporting Portal to file a formal report.
- Alternatively, send an email to the Security Awareness Team at securityawarenessteam@ey.com (or your local security reporting contact).
- Include all information you gathered in Step 2 and any actions you have already taken.
Step 5: Follow Security Team Guidance
The EY Security Team will assess the risk, investigate the incident, and initiate appropriate mitigation actions. This can include:
- Attempting to revoke access to shared files or emails (where possible).
- Notifying affected parties or clients as required by law or policy.
- Coordinating additional security or legal steps to protect EY interests.
You must cooperate fully and provide any additional information requested.
Step 6: Do NOT Attempt to Fix the Issue Alone
- Avoid trying to recall emails, delete shared files without approval, or contact recipients on your own.
- Uncoordinated actions could worsen the situation or result in policy violations.
Step 7: Learn and Prevent Future Incidents
- Review the incident with your manager and security team to understand what happened.
- Complete any recommended training or refreshers on data protection and secure communication.
- Use available tools such as encrypted email or secure file-sharing platforms to reduce risk.
Summary Checklist
- Stay calm and respond quickly
- Identify what was shared and who received it
- Inform your manager immediately
- Report the incident to the EY Security Team
- Follow their instructions carefully
- Do not try to fix it yourself
- Learn from the incident to improve future security
Resources
- [EY Security Incident Reporting Portal](insert link)
- EY Data Protection & Privacy Policies on the intranet
- Security Awareness Training courses
- Security Awareness Bot for quick guidance
Remember: Prompt and transparent reporting protects you, EY, and our clients. Your quick action helps reduce risks and demonstrates our shared commitment to data security.