Muji USA, Ltd.
On April 11, 2017 an employee of the Organization received a completed Pre-Authorized Contribution form from a client. The form provides consent to withdraw an agreed payment amount from a client?s account, and included the personal information at issue. That same day, an employee of the Organization inadvertently included the form in an email sent to another client. The unintended recipient contacted the Organization on April 13, 2017 to report the incident. The Organization contacted the unintended recipient and advised them to permanently delete the record. However, to date, the Organization has been unable to confirm this was done.