bcc:
As techies, we know what cc: and bcc: mean, and, more importantly, the subtle but important difference between them, but, apart from us, it is ironically probably only people over 65 who actually know what carbon paper is and what it was used for!
So I can have a little sympathy for a perhaps less technically minded office worker easily being confused between the two: you're faced with two very similar looking and confusing acronyms, you recall they were something about copying to multiple recipients, but you can't remember which was which, or perhaps even recall that there was an important difference (it's just technical mumbo-jumbo to you, after all, and you either haven't been trained well or had a refresher recently, and have forgotten)…
(Although this brings up the all-too-often unanswered or never-asked question as to why "business" thinks it's acceptable for tasks which definitely do require a modicum of technical awareness and organised common sense, and, yes, skill, to be done by people who sometimes lack those skills - part of the foolish 'not professional roles' regard in which admin roles are often seen by so-called higher-ups, when we all know that a professional, skilled and organised admin team holds an organisation together just as much as any of our computer systems do.)
But because we all know this is a big risk, every organisation should, at the least, be putting in suitable Data Protection training for new employees before they get anywhere near handling Personal Data, refresher training as needed, even something as simple as stickers on monitors ("bcc: copies the message and hides recipients' addresses from each other" - this, and its opposite, should really be tool-tips in email clients, of course, kudos to Evolution for doing just that!), and, of course the better solution, making it technically impossible to make that sort of mistake by using mailing list management software instead.