The Dutch Data Protection Authority has confessed to making the same kind of mistake that many others have made before – sending out an email with a long list of email addresses listed for all to see in the Cc: rather than hidden away via the Bcc: field.