Bank Makes Mistake, Innocent Bystander Suffers

September 28, 2009

- See all 763 of my articles

On August 12th, an employee of Rocky Mountain Bank sent a spreadsheet with 1300 names, address, and social security numbers to a GMail (Google email) address. Unfortunately, the person sent it to the wrong address. The data was apparently unencrypted (this is a conclusion that I have come to, based solely on RMB’s subsequent actions).

The bank employee sent another email to same address, asking the recipient to contact the bank, and also to delete the file without opening it.

The bank has not heard back from the email recipient, so they asked Google to disclose the GMail account holder’s personal information, so that they could initiate another form of communication with the person.

Not surprisingly, Google denied the request. The bank then went to court to get a court order to get that information, as well as having the account deactivated. Here comes the crazy part – a judge actually agreed!

Let’s do a sanity check here. What crime has this person committed? Um, none. It’s not a crime to be the recipient of unintended email. The person didn’t hack into the bank’s system or anything like that. There is exactly one person at fault here – the person who sent the email. If the same information had been sent through the postal service, would the bank have asked the postal service to suspend mail service?

There is the distinct possibility that the person doesn’t even realize that they have received this email. If they use “whitelists” to restrict their email to pre-approved address, the bank’s email would not have gone into their inbox. Even if the person did see the email, it’s very possible that they suspected a phishing scam and deleted both emails immediately. If the exact same thing happened to me, I would assume a phishing scam. I get a lot of emails that appear to come from banks.

Even if the bank’s request had some sort of merit, I’m not sure exactly what they intend to accomplish by having the GMail account deactivated, other than attempting the punish the recipient. If the bank thinks that the person hasn’t viewed the email yet, I could understand them requesting that Google simply delete that one email from the person’s account. I’m not saying they would be right to do this, but I could understand the logic.

If the person has already viewed the email, then this action will not accomplish anything. If the recipient wanted to take some action with the spreadsheet – such as forwarding to all their friends – then the horse is already gone. Not much point in closing the barn door. If the person already deleted the document, then the action also won’t accomplish anything.

Most disturbing is that this creates the opportunity for abuse of process. What is to prevent companies – or individuals – from “accidentally” sending emails to competitors and then going to court to deactivate the email account of the competitor?

In my opinion, a lot of today’s judges do not have the background to understand some of today’s technology. This is not the first situation where a judge has made a strange decision on a matter related to technology. As technology continues to advance, this is going to become even more of a problem. I would propose the creation of an agency that judges could consult in order to get an accurate and unbiased exlanation of how certain technologies work. This would, of course, have to be at taxpayer expense … but isn’t the cost of miscarried justice even worse?

What did you miss over the weekend?

3 Comments (+add yours?)

  1. Email Marketing Company
    Sep 28, 2009 @ 09:11:30

    sent it to the wrong person? ouch that is a little bit of a breach. i would be pretty upset if i was one of those people.


  2. cb on bonanzle
    Sep 29, 2009 @ 05:25:00

    This just blows my mind. I’m sorry, but Rocky Mountain Bank was in the wrong here. Totally in the wrong. They should have reprimanded their employee instead. I would have to question as to WHY did the employee have to email ANYONE a list of sensitive information? Do people NOT know or realize that emailing from one address to another is NOT safe or confidential as we are lead to believe. Emails can be intercepted along the route by hackers and those who use script programs to spy on mail servers and such.

    I sincerely hope that Rocky Mountain Bank customers have heard about this story and hope that they close their accounts at Rocky Mountain Bank PRONTO and find another bank to do business at. Rocky Mountain Bank needs to take responsibility of their own f**k up instead of blaming someone else or trying to pretend that a criminal phantom exists when it doesn’t.

    Just who the hell does Rocky Mountain Bank think they are to take away someone’s right to have an email account? Corporations like them seriously disgust me. I hope that whoever the person is that had their email account taken away, I hope that person sues the living sh** out of Rocky Mountain Bank AND Google.


  3. kosmo
    Sep 29, 2009 @ 07:53:16

    I actually don’t have a problem with Google’s actions. They rejected RMB’s request and forced them to get a court order. Once RMB had the court order, there’s not much more Google could do (I’m not sure if they can appeal or not). Certainly Google doesn’t want to reveal the information, but nor do they want to be held in contempt of court.

    Sending this sort of data over email is indeed crazy.


Leave a Reply