http://www.pcadvisor.co.uk/news/index.c ... d=3202428&

In this case, I can't see why Google should comply. I trust the judge will see likewise, and the disclosure is a positive sign.

If the account is indeed dormant and the message unread, then it may be in their own interest to say so. However; the fault clearly lays with the banking clerk's double incompetence and I see no reason why the innocent victim should be subjected to legal action.

I think it only reasonable that the bank should contact the 1,325 compromised account holders to suggest they close their accounts and bank elsewhere. Nobody at Google or @gmail has done anything wrong, as far as we know.

Whether or not Google do end up revealing this privileged information will go some way to answering certain people's worries about their privacy policy. After all, if they bend over for the Americans then we have to assume they might bend over for any other legally recognised country. Although, the skank ho lawsuit is more representative of my personal concerns.

Nbody is saying they have done anything wrong. The bank just want to be able to contact the person, or make sure that Google have deleted the email, if the account is dormant.

To be honest, I can't see why Google wouldn't comply and delete the email if the account was dormant. Likewise, I can't see, when provided with a subpeona, why they wouldn't comply.

I think Google are right, to wait for an official court document, before they disclose the information about the account holder. Otherwise it sets a bad precedent in future cases.

I think Google should have a) quarantined the email until the court made its decision b) if the account was dormant, I can't see any problem in letting the bank know that, so that they don't have to panic their customers.

The bank should contact the affected customers and inform them of the breach.

Google are very good about the privacy of their users - at least when it comes to disclosing it to third parties. They won't release the information, unless the third party makes a case before the courts to be issued with a subpoena. The same happened last month with an anonymous blog on Google's platform. The wouldn't release the information ad-hoc, but once given an official court document, they will comply with the request.

I think this is fine.

The bank are in the wrong here. They should contact the customers concerned and assist them changing any details as a result of the banks error. If the G mail account holder is outside the US what guarantees that they will not over react and demand extradition or something?

Hopefully Google will ignore this, and the court should too.

Even if the G mail account holder sold the info to the Russian Mafia, the bank should be warning their customers now not waiting to find out what has happened to it.

I don't think Google should touch the e-mail, not at least until the Court has reached a decision.

If the bank can't raise the account holder then tough [LIFTED], their mistake. My only hope is that the shareholders go nuts over this error - should a single file with so much valuable information contained therein even exist? Talk about putting all your eggs in one basket!

The shareholders may not even know about this. Even if they did they probably would not do anything. Look at the mess that the British banks got into and not even a whisper from the shareholders before the credit crunch. Most shareholders only care about their dividends and the share price. The board could have been caught shagging sheep on one of those crazy TV shows and the shareholders will barely raise an eyebrow.

It's the banks fault and they have no reason to intrude on the Gmail account holder.
If it was me I'd have just deleted the email, but I wouldn't waste my time jumping through the banks hoops to confirm it.
I find it amusing that the bank thinks it could force the issue while at the same time keeping the security lapse from customers.

+1.

The bank was in the wrong. Let's say the bank sent a letter via snail mail instead of an email. Should the Post Office then 'quarantine' all mail to the addressee until the correct letter is found? What if the person opens the letter? How are you sure he/she has disposed of it and not given it away?

With respect to the email. Let's say the person has received the email and printed it off. What good is going to be done by deleting the email or quarantining it? If the person has done something dastardly, it's going to do SFA.

The right action is to close the accounts and reopen them, transferring all direct debits and standing orders etc as appropriate, so the customers have not been inconvenienced in any way.

With snail mail, they would just turn up at the persons house, explain the situation and ask for the letter back or proof it had been destroyed... If the person wouldn't let them in, they'd go to the local court and ask a judge for for the right to enter the house - with law enforcement officers.

I don't see this process being any different with e-mail.

Yes, the bank made the mistake and they have to deal with the problem. PART of dealing with the problem is trying to ensure that the information doesn't get spread any further!

UPDATE: The court has ordered Google to freeze the account. (source: Buzz Out Loud episode 1071)

The problem is that even if the email had been deleted what is there to say that it has not be copied. It my not have been forwarded via Gmail but could have been copied into a new text file via cut and paste and still done the rounds of the criminal under world. The bank still need to contact their customers.

Who is saying they shouldn't?

But they have a duty of care to said customers to try and reduce the impact of the mistake as much as possible, and getting hold of the party that was accidentally given the information and finding out how widely it was spread is an important part of protecting their customers interests...

To be honest, if it was my bank that had done that, I'd want to know that they had tracked down the copies as best they could, whilst transferring my account to another bank. But as the information involves things like social security numbers and addresses, swapping banks isn't going to help on that front.

which, as John Gruber points out, now leaves someone who has done absolutely nothing wrong and whose only 'crime' was to receive an email he didn't ask for unable to access his email. Genius. Could a judge demonstrate 'I have no clue what's actually going on here' in any more obvious terms?

Jon

+1

I think I might "accidentally" send and email containing sensitive information to a certain US bank, then get a court order forcing them to shut down their email and prove that all traces have been purged irretrievably from their systems.

Ideally, I want to see their platters smashed, servers torched with thermite and all paperwork incinerated. The homes of any employees who may of had access must obviously be searched, hard drives and flash memory removed and their Internet connections audited. Facebook accounts, personal email and any other social sites must be shut down and analysed. All mail must be seised, and telephone conversations recorded. Relatives should be quarantined and interrogated, and ze children must be shot.

After all, it's the only way to ensure my "mistake" doesn't harm anyone.

Yes but changing bank accounts is much tougher now. You need multiple forms of identification now such as passports etc. All part of the money laundering laws. Plus no bank will assist in moving your account to another company after their mistake. They will just keep their fingers crossed and hope that they get away with it.