What is Cc and Bcc in email?

Incidents in which emails are sent to the incorrect recipient or the incorrect field is used are more common than you might expect. However, these careless errors – often the result of employee error or lack of understanding – are easily preventable. 

Cc stands for carbon copy, while Bcc stands for blind carbon copy. While those terms sound similar, and they are both used to include additional recipients on an email, there is a key difference between them. 

What is the difference between Cc and Bcc? 

The Cc field should be used when you want to include recipients on an email and want them to be visible to everyone else included.  


You are liaising with colleagues about an upcoming promotion, and you’d like to make other departments aware, e.g. stock control. 

What is Bcc? 

The Bcc field should be used when you want to add recipients to an email but do not want them to be visible to everyone included in the ‘To’ or ‘Cc’ fields. Only the sender will be able to see who has been Bcc’d. 


You are communicating with a large group of external parties. You want them all to receive the same email, but you do not want them to see each other’s contact details. You would therefore include all contacts in the Bcc field. 

Consequences of misuse 

Although it seems straightforward, many people fail to use the correct field when emailing. It’s essential that the correct field is used to prevent a data breach from occurring. 

Under the EU GDPR (General Data Protection Regulation), the unauthorised disclosure of personal data is a breach. Data breaches do not just occur because of malice – human error is widely acknowledged to be one of the biggest threats to organisations’ security. Sending an email to the incorrect recipient or using the Cc field instead of the Bcc field, for example, are considered data breaches. 

With the GDPR and Data Protection Act 2018 now in force, data breaches have the potential to be costlier than ever. Organisations of all sizes need to be better prepared. 

Take action 

Preventable data breaches can incur fines and result in reputational damage among customers and stakeholders. And of course, breaches risk information falling into the wrong hands and being used maliciously. 

For those who work with highly sensitive information, it’s even more important to ensure that all employees have a comprehensive understanding of data protection and information security best practices. 

If you’d like to find out more, take a free trial of our Misuse of Email Cc and Bcc Human Patch E-Learning Course. 

The course will educate your employees on the consequences of careless behaviour. It will encourage them to think more about their actions and ensure that they communicate securely and legally via email. 

Request your free trial today >>