A six-month-old database containing full contact details for every Royal Dutch Shell employee, including home phone numbers for work-from-home employees was sent to organisations such as Greenpeace and www.royaldutchshell.com a well-known anti-Shell grievance site.

Acknowledging that the data was genuine Shell insisted that with no home addresses, there was no security risk.

Readers may do with that information what they will.

The database was claimed to come from 116 concerned employees from UK, USA and the Netherlands although given the age of the information, it has been speculated that the sender was an ex-employee.

Material accompanying the release, including a 170-page covering note explained that the release was in protest at Shell's operations in Nigeria which it is claimed led to multiple human rights violations and the deaths of a number of Nigerian protestors.

BP, one of Shell's competitors, was well-aware of the dangers of excessive emails, warning a couple of years ago that emails, particularly with attachments, should be avoided when 'a telephone call will suffice.'

There are lessons here for all organisations.  Firstly, as BP notes, minimise the confidential information that employees send outside of the company.  If necessary, apply restrictions to what can be done (there are plenty of software systems to mange this).

Secondly, you never really know which information could become your next big incident; hands up who in the audience would have thought the internal directory would cause such grief!  You have to protect it all.

Finally, when employees leave, how do you (as the employer) know that they haven't already syphoned off more information than you'd prefer they had?  And still permit them to do their jobs!