GDPR/DSGVO issue regarding CC'ed users

I’m not sure where to put it as this is not exactly a technical issue… Please consider the following:

• Users (role ‘customer’) have access to Zammad’s web UI.
• Some customer creates a ticket via e-mail and they are cc’ing someone else (3rd party, employee).
• For whatever reason that 3rd party replies to that e-mail (reply to all) but deletes the ticket owner (in this case, the customer)—so their e-mail is only sent to Zammad.

While the ticket owner/customer wouldn’t get an e-mail with that answer, they can still see that answer when they log in to Zammad (web interface).

I hope you understand what I’m trying to explain. While I think this situation wouldn’t appear often, I can tell you that it happened with one of my customers and their employees.
The employee replied to the ticket (to: Zammad) with some personal information. They did not include the ticket owner/their CEO in ‘to’, nor in ‘cc’/‘bcc’, but they (ticket owner/CEO) would still be able to see that answer within the Zammad web interface.

Our DPO’s view is that this should not be the case.

I can’t think of a solution—except for having a trigger welcoming CC’ed ‘users’/addresses (which doesn’t seem to be possible at the moment).

Do you have any ideas/statements regarding this situation?

Thank you :slight_smile:

This smells like shared organization being enabled for the organization in question.

Because: If I understood correctly, the CEO of the company was not in CC and thus has nothing to do with the second created ticket, but is a member of the same organization.

Please note that shared organizations have a great potential for data security issues (and are set to “yes” by default upon creation).

https://admin-docs.zammad.org/en/latest/manage-organizations.html
Our docs need some tidying here, the information can be found underneath the third screenshot and might need further addition to make it even clearer.

Not exactly, but maybe I misunderstood the issue. I’ve tested Zammad’s behaviour and came to the conclusion that the 3rd party must have done the following:

• They clicked on ‘reply’ or ‘reply all’ on an e-mail they have been CC’ed from Zammad
• They deleted the original ‘to:’ (i.e. the former ‘from:’, customer/ticket owner)
• They put in the address from Zammad into the ‘to:’-field and left all other fields (CC/BCC) blank

Zammad would then add that e-mail to the existing ticket because of the (invisible) header—and thus, the ticket owner could see the answer.

I don’t think there could be a way to implement a ‘solution’ to this, and I understand if you think (as I do, now) almost no one would work with e-mail this way—but obviously, someone did.

So I’ll leave this here for discussion and consideration. :slight_smile:

Oh I see! Well that’s really the dirty way. :stuck_out_tongue:

Catching that is in my opinion nearly impossible, because we are looking for references of Tickets (like in headers and in title).

However, depending on your configuration, email settings might help you further:
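As an added illustration of the threading behaviour discussed above (this is example code, not Zammad’s own matching logic): a reply that still carries the helpdesk’s In-Reply-To/References headers is attached to the existing ticket even though the original customer was removed from the recipients. The sample message, the message-id table and the ticket-to-customer mapping are constructed for the example; the check flags such an article so an admin could review it before it becomes visible to the customer in the web UI.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses

# Constructed sample: a CC'ed employee replies to the helpdesk notification but
# removes the original customer (the ticket owner) from To/Cc/Bcc. The hidden
# threading headers still point at the helpdesk's own notification mail.
SAMPLE_REPLY = """\
From: employee@example-corp.test
To: support@helpdesk.test
Subject: Re: [Ticket#12345] Printer problem
In-Reply-To: <ticket-12345-article-7@helpdesk.test>
References: <ticket-12345@helpdesk.test> <ticket-12345-article-7@helpdesk.test>
Content-Type: text/plain; charset="utf-8"

Here is the information you asked for.
"""

# Hypothetical lookup tables standing in for the helpdesk database:
# Message-IDs the helpdesk itself generated, and each ticket's customer.
KNOWN_MESSAGE_IDS = {"<ticket-12345-article-7@helpdesk.test>": "12345"}
TICKET_CUSTOMER = {"12345": "ceo@example-corp.test"}
SUBJECT_RE = re.compile(r"\[Ticket#(\d+)\]")

def find_ticket(msg):
    """Thread the way a helpdesk does: reference headers first, subject tag second."""
    ids = (msg.get("In-Reply-To", "") + " " + msg.get("References", "")).split()
    for mid in ids:
        if mid in KNOWN_MESSAGE_IDS:
            return KNOWN_MESSAGE_IDS[mid]
    m = SUBJECT_RE.search(msg.get("Subject", ""))
    return m.group(1) if m else None

def recipients(msg):
    """Every visible recipient address, lower-cased."""
    fields = [msg.get(h, "") for h in ("To", "Cc", "Bcc")]
    return {addr.lower() for _, addr in getaddresses(fields) if addr}

def check_reply(raw):
    """Return (ticket_id, customer_omitted). customer_omitted is True when the
    reply threads into a ticket whose customer appears neither as sender nor
    as recipient, i.e. the article was never mailed to the person who will be
    able to read it in the ticket's web view."""
    msg = message_from_string(raw, policy=policy.default)
    ticket = find_ticket(msg)
    if ticket is None:
        return None, False
    customer = TICKET_CUSTOMER[ticket].lower()
    sender = msg.get("From", "").lower()
    omitted = customer not in recipients(msg) and customer not in sender
    return ticket, omitted
```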
