A U.S. bank sent highly confidential information via email to the wrong person. Whoops! Big mistake. Once the Wyoming-based Rocky Mountain Bank employee realized the mishap, a second email was sent to the same person, asking them to delete the email without opening it.
After receiving no response, the bank decided that the only way to get in contact with the Gmail account holder was to ask Google. Unfortunately for the Rocky Mountain Bank, Google doesn’t just throw out that kind of information. So Rocky Mountain Bank decided to sue Google. That may prove to be another big mistake. Now everyone knows what a screw-up that Rocky Mountain Bank employee is.
The confidential email contained names, addresses, tax IDs and loan information for more than 1,300 of the bank’s customers. Even if the incorrect recipient were to have deleted the email, there’s no way that the bank could determine whether or not the email was ever opened, forwarded, printed or copied. Considering the gravity of this particular situation, I would imagine that the Rocky Mountain Bank would do everything in its power to get in contact with the Gmail recipient just to ensure cooperation around the protection of such highly sensitive data.
So far Google has not given the Rocky Mountain Bank the real identity of that email recipient, and it will not do so unless the court orders Google to give up that information. But the situation raises some very important questions and concerns surrounding the electronic transfer of confidential and personally identifiable information.
This is a huge concern for the bank customers, as they now have reason to mistrust the Rocky Mountain Bank and take their business elsewhere. Granted, slipups like this happen all the time across several companies. And on other occasions, company data can be hacked. Either way, customers can understandably become skeptical and begin to mistrust companies and most forms of electronic data storage and transfer.
Mishaps such as this one regress society’s overall acceptance of certain forms of technology, which can seem frustrating in times of progress. Nevertheless, such mishaps force companies to be more careful of the way in which they practice business, train their employees and protect consumer data.
When it comes to the lawsuit, however, the big concern is regarding the responsibility of cleaning up the mess, and where that responsibility lies. Is Google or the Rocky Mountain Bank responsible for fixing the problem, and how will this particular case change the way in which corporations work and share data with Google (and vice versa)?
There are services out there that allow an email sender to retract a message, or set the message to “self-destruct” after it has been opened. There are also services that allow an email sender to be alerted as to when the sent email has in fact been opened, shifting some of the responsibility to the email recipient. While there are still certain workarounds for all of the above, these are just a few options that corporations can look into in order to have a more uniform set of expectations for employee compliance.
Discussion
Ross Walker, 7 October 2009 11:06 am
If it is the same bank as:
http://www.fdic.gov/bank/individual/enforcement/2009-04-06.pdf
Then I wouldn’t want to be them.
-Ross