According to this Network World article, a US District Court Judge in California ordered Google to deactivate the Gmail account of a User who accidentally received personally identifiable information. An employee of Rocky Mountain Bank mistakenly sent an e-mail containing the names, Social Security Numbers and loan information of more than 1300 bank customers to the User’s account.
Once the employee realized their mistake, they quickly sent a follow-up e-mail requesting that the recipient destroy the previous e-mail and contact Rocky Mountain Bank as soon as possible. After receiving no reply from the recipient, the bank contacted Google and asked for information on the Gmail account holder, which Google refused to provide without a court order.
On September 25, the court issued a temporary restraining order, insisting that Google shut the account down and divulge whether the account was still active and whether the confidential info had been viewed. Google complied with the order. The bank has confirmed that the confidential message was never opened and that it has now been permanently deleted.
Not sure if I agree with the judge’s decision, but I think everyone can agree that important lessons were learned. Lessons learned include 1) make sure employees understand regulatory mandates which prohibit the transmission of unencrypted personally identifiable information and 2) make sure employees understand acceptable e-mail usage guidelines and verify the e-mail address or addresses are correct before hitting SEND!
Additional acceptable e-mail usage guidelines and questions to consider before sending any e-mail or other electronic message may include:
- Who is receiving the e-mail?
- Does the content disclose proprietary information about my organization?
- Does the content disclose sensitive personal information?
- Does the content disclose confidential data about clients, contracts, etc.?
- Are there statements or accusations in the content that cannot be substantiated?
- Does the content contain offensive, racist or slanderous information?
- What would happen if the e-mail was shared, stolen or forwarded to someone else within or outside of my organization?
- If the e-mail went public, would it have a negative effect on me or my organization?
- Does the e-mail comply with organizational requirements?
Remember: everyone knows how to use e-mail, but not everyone understands the risks and consequences of using e-mail, so taking time to ensure awareness and accountability can make a huge difference in your bottom line results.