In an extremely disturbing ruling in California, a bank accidentally sent confidential customer information to the wrong Gmail account. After Google properly refused to violate the confidentiality of its customer (as laid out in its privacy policy), the bank petitioned for and received a court order to shut down the user’s email account.
So this poor guy is in the unfortunate position of being on the receiving end of a bank screw-up, and they shut down his service.
A couple of things are wrong with this:
- Obviously this is the bank’s screw-up, and it should not involve Google or the recipient in court.
- Why in the world is the court allowing effective punishment of an innocent party?
- What in the hell is the bank doing sending this information via email? ANYONE in between the bank and Google on the internet can read that data; it’s not just in the email account. Email is not encrypted or secure.
- What is the bank doing sending email to Gmail accounts anyway? I would hope my bank doesn’t allow employees to use personal, uncontrolled email accounts for business purposes. It’s possible this was a business account with a custom domain, but since it was accidentally sent to someone else, I’m pretty sure this was an @gmail.com address. If it had been sent to wrongguy@stupidbank.com, then someone at stupidbank.com could have been reached to track down the other account owner.
Given this gross privacy violation, I’d be hard-pressed to keep my money in a bank with apparently sloppy tech security policies.
(HT: The Agitator)