The Register® — Biting the hand that feeds IT

Feeds

Bank sues Google for identity of Gmail user

Um, we sent him 1,325 tax IDs

By Cade Metz, 23rd September 2009
  • print
  • alert

Customer Success Testimonial: Recovery is Everything

A US bank is suing Google for the identity of a Gmail user after a bank employee accidentally sent the user a file that included the names, addresses, tax IDs, and loan info for more than 1,300 of the bank's customers.

In mid-August, according to court documents filed in a California federal court, the Wyoming-based Rocky Mountain Bank was asked by a customer to send certain loan documents to a Gmail account belonging to a third party. A bank employee attempted to do so. But a day later, he realized he had sent the documents to the wrong address - along with a file containing confidential information for 1,325 other customers.

After a failed attempt to recall the email, the employee sent a second note to that wrong address, requesting that the confidential email be deleted before it was opened. There was no response, so the bank contacted Google to determine what could be done to ensure that the confidential info remained confidential. According to the court papers, Google would not provide information on the account unless it received a subpoena or "other appropriate legal process."

So the bank sued.

Google confirmed with The Reg that it will not comply unless it receives a court order or subpoena. "When Google receives legal process, such as court orders and subpoenas, where possible we promptly provide notice to users to allow them to object to those requests for information," a company spokesman said. "In this case, [Rocky Mountain Bank] must comply with proper court process, and the court has required it to resubmit its papers. Once we have a chance to review these papers, we will determine our response."

The bank's counsel has yet to respond to a request for comment.

Rocky Mountain Bank had asked to court to keep its suit under seal, hoping to avoid panic among its customers and a "surge of inquiry." But obviously, this wasn't successful.

Google, of course, is right to wait for a court order. And it's right to give the Gmail user involved the opportunity to oppose the order. But the tale is a reminder that in certain situations, the information giant will indeed be compelled to turn over private data.

In recent weeks, Google has also received court orders to reveal the identities of those behind stories published in an online newspapers based in the Turks and Caicos Islands and of a blogger who castigated a model on a blog entitled "Skanks in NYC." ®

Ensure Ease of Recovery with Asigra’s Agentless Software

COMMENTS

House Rules Send Corrections
All Reader Comments (63)
Latest Comments
Anonymous Coward

webmaster

I get lots of this bank crap everyday "Your account has been compromised, etc" please click on this Russian/China/Nigerian link to get yourself hacked. Delete or ignore it.

If Rocky Mountain National Bank of idiots were to send me a file it would be treated the same way.

Also what about forwarding the files? I have a new personal email server and forward all my various email accounts to it. (20+ Yahoo and 5+gmail accounts, + others).

0
0
David 141

Google = dog?

There appears to be no legal basis (except for some rather far-fetched appeals to common law) to the bank's complaint, but Google probably couldn't care less.

http://www.digitalmedialawyerblog.com/2009/09/rocky_mountain_bank_v_google_w_1.html

"What is striking is that nowhere in its motion papers did the Bank cite any legal basis, such as a statute or case, that would empower the Court to order Google to disable the Gmail account ..."

Frankly I think that the case should have been thrown out because the bank failed to specify any actual harm or damages.

0
0
Anonymous Coward

simpler solution tried

AC@13:30 - Wouldn't it have been simpler to have emailed the account holder directly. And who in their right mind trusts personal information to the cloud ?

This was already tried, according to the article.

Obviously, the bank screwed up - citizens should not be paying the price for someone elses mistake for the rest of their lives.

Providers should help protect others when mistakes are brought to their attention, when possible steps do not violate the law.

0
0

More from The Register

breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
96
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17
breaking news
'BadNews is malware' says outfit that found it
Google says code harmless but Lookout says code base is evolving
15
Panda-peddlers cuffed for chess gambling gambit
More porridge on the menu for Chinese coders after second offence
13
breaking news
Yes, maybe we should keep hackers in the clink for YEARS, mulls EU
Watch out black hats, they just might throw away the key
39
Microsoft borks botnet takedown in Citadel snafu
Stupid Redmond kicked over our honeypots, wail white hats
19