The Entertainment Software Rating Board likely received hundreds, if not thousands of emails regarding the recent talk of Blizzard implementing Real ID, and the discovery that friends of friends could see your real identity whether you had approved them or not (among other concerns).
As a former WoW geek (with aspirations of returning), I saw both sides of this argument - how a good implementation could reduce trolling, but also how it could compromise folks who strongly prefer (and in some cases, need) to keep their online and IRL identities separate. I added my voice to the chorus with an email to the ESRB cautioning them to take a good look at the proposed implementation to ensure fairness and that important parts of privacy were maintained while increasing transparency to improve gameplay and forums.
The ESRB sent me a nice canned response, which I (correctly) assumed was due to the volume of contact they had about this one issue. Unfortunately, the privacy watchdog...forgot to use the BCC field.
Oh, yes. Sweet irony. And so any number of complainants could see any number of other complainants' email addresses.
The email from the ESRB below, in its entirety (emphasis mine):
"Yesterday we sent an e-mail to a number of consumers who wrote to us in recent days expressing their concern with respect to Blizzard's Real ID program. Given the large number of messages we received, we decided to respond with a mass e-mail so those who'd written us would receive our response as quickly as possible - rather than responding to each message individually, as is our usual practice.
"Through an unfortunate error by one of our employees, some recipients were able to see the e-mail addresses of others who wrote on the same issue. Needless to say, it was never our intention to reveal this information and for that we are genuinely sorry. Those who write to ESRB to express their views expect and deserve to have their contact and personal information protected. In this case, we failed to do so and are doing everything we can to ensure it will not happen again in the future.
"The fact that our message addressed individuals' concerns with respect to their privacy underscores how truly disappointing a mistake this was on our part. We work with companies to ensure they are handling people's private information with confidentiality, care and respect. It is only right that we set a good example and do no less ourselves.
"We sincerely apologize to those who were affected by this error and appreciate their understanding.
"Entertainment Software Rating Board"
Honestly? I'm impressed that they sent out such a message acknowledging the gaffe. You can bet someone's ass got lit on fire after this happened and it was brought to the ESRB's attention. And the email went out very quickly - there was a lag of not much more than a day between the original informational email and the apology email. Human error is always going to be a factor when humans are involved. Yes, it's a facepalm moment for ESRB. How many of us haven't, at some point, accidentally replied to a whole list, or forgotten to use the BCC field? The bigger point: how many other organizations or companies would be so fast to fall on their sword and admit an embarrassing error? More than in the past, perhaps, since the internet means folks can communicate about this sort of thing and make it public even if the company doesn't want it to be. (Cough cough iPhone 4 cough)
(Psst, hey, Steve Jobs. Check it out. A responsible acknowledgment of error. Getcha some.)