Wednesday, September 30, 2009

bank sues google over mis-mailed info!?!

Well, it seems that Rocky Mountain Bank had one of its employees email a Gmail account with names, addresses, and social security numbers of its customers. The bank then sued Google to reveal the account holder's identity and shut down the account.

I'll start with: what?!? A bank emailed a random Gmail account with confidential information?!?

From one of the articles below: a customer asked the bank to email loan documents to a third-party Gmail address. The bank emailed the wrong Gmail address, and an additional document was accidentally included.

It sounds like the employee kept the customer's files in the same folder as the bank's internal files. At least I imagine that the customer called and said, "hey, can you email those files to x@gmail.com?", and the bank employee created an email, selected the files from a folder, and selected one too many.
  1. You shouldn't do business with third parties that have a Gmail account. You can't be sure who you are dealing with. Banks especially should not, but it sounds like this was the bank's customer who was dealing with the third party.
  2. You shouldn't be emailing confidential information. Or at least you shouldn't email it unencrypted.
  3. When emailing files, you should make sure you have the right ones included. If you work with confidential data, double-check for sure. And triple-check. And why doesn't their IT department have a verification process for approving outgoing email with attachments?!?
  4. You should keep different classes of data in separate places. You put confidential papers in a safe. You put weapons in a safe location. You put valuables in a safe deposit box. All because it's more difficult to do something stupid with them if they are in a special location. (hmm, makes me think of holiness) If you left your birth certificate on your desk, you might accidentally throw it out. If you have files that should never, in any case, be emailed outside the bank, don't keep them in the same folder as files that may be. Or at least encrypt them.
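
One way the outgoing-attachment verification from item 3 could work, as an added example that is not from the original post or from the bank: a Python check that holds mail to outside recipients when an attachment contains SSN-like values, so a second person has to approve it. The domain `bank.example`, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses

INTERNAL_DOMAIN = "bank.example"  # assumption: the sender's own mail domain
# SSN written as 123-45-6789 or 123 45 6789. Bare 9-digit runs are ignored
# to limit false positives on account and phone numbers.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}[- ](?!00)\d{2}[- ](?!0000)\d{4}\b")

def external_recipients(msg):
    """Return addresses in To/Cc/Bcc that are outside INTERNAL_DOMAIN."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    return [addr for _, addr in getaddresses(fields)
            if addr and not addr.lower().endswith("@" + INTERNAL_DOMAIN)]

def review_outbound(msg):
    """Return ("hold", reasons) if the mail needs approval, else ("send", [])."""
    if not external_recipients(msg):
        return "send", []
    reasons = []
    for part in msg.iter_attachments():
        raw = part.get_payload(decode=True) or b""  # None for nested messages
        hits = len(SSN_RE.findall(raw.decode("utf-8", errors="replace")))
        if hits:
            reasons.append(f"{part.get_filename()}: {hits} SSN-like value(s)")
    return ("hold", reasons) if reasons else ("send", [])

def sample_message(to_addr):
    """Constructed sample: a loan letter plus a customer list attached by mistake."""
    msg = EmailMessage()
    msg["From"] = "officer@bank.example"
    msg["To"] = to_addr
    msg["Subject"] = "Loan documents"
    msg.set_content("Documents attached.")
    msg.add_attachment("Loan terms: 5.1% fixed, 30 years.\n", filename="loan_terms.txt")
    msg.add_attachment("name,ssn\nA. Sample,123-45-6789\nB. Sample,234-56-7890\n",
                       subtype="csv", filename="customers.csv")
    return msg

if __name__ == "__main__":
    print(review_outbound(sample_message("thirdparty@mail.example")))
    print(review_outbound(sample_message("colleague@bank.example")))
```

This only reads attachments as text; PDFs and office documents would need text extraction before the same pattern check applies.
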
To sum up, an employee mailed a confidential document to the wrong email address. It's sort of like telling the bank to pay the electric company $80 and they give some random person $100,000 of everyone's money instead.

http://www.theregister.co.uk/2009/09/23/google_sued_for_gmail_user_identity/

http://blogoscoped.com/archive/2009-09-24-n14.html

http://www.informationweek.com/news/internet/google/showArticle.jhtml?articleID=220100410&cid=tab_art_int_C

http://www.mediapost.com/publications/?fa=Articles.showArticle&art_aid=114264

http://www.informationweek.com/news/internet/google/showArticle.jhtml?articleID=220300364