Last month, a customer of the Rocky Mountain Bank asked to be sent loan statements. In doing so, an employee inadvertently sent the email containing the customer's sensitive data to the wrong Gmail account. Attached to the message was personal information on 1,325 individual and business patrons -- including their names, addresses, tax identification or Social Security numbers and loan information.
After recognizing the blooper, the worker sent a second message asking the person to delete the first email without viewing it, and instructed them to respond. When the receiver failed to reply, the bank contacted Google in an attempt to identify the individual. Google refused to comply without court order, and so the Wyoming bank filed suit against the search giant.
Apparently, even if the bank succeeds in obtaining the order, Google's policy is to notify the account holder and allow them the opportunity to object to the disclosure of their identity. While the court mulls things over, the Rocky Mountain Bank filed a motion last week to keep a lid on the case in an attempt to prevent customer panic. A California judge denied this, saying it lacked "compelling reason that overrides the public's common law right of access to court filings."
The fiasco is rather ironic. In one hand, you have a fine example of modern technology impeding on privacy, and in the other is a company flexing its muscle to shield a user's identity. You can read further details about the case here (PDF).