Talk about being in the wrong place at the wrong time.
Someone with a Gmail account accidentally received an email from an employee at the Rocky Mountain Bank in Wyoming that included contact information and loan details for about 1,300 customers, according to a published report.
The employee then sent a second email to the recipient, asking him or her to delete the first email. When the bank was unable to determine the identity of the recipient, or what had been done with the information, if anything, it asked Google for the person’s name and contact information. Google declined.
So what did the bank do? It sued Google.
I get that the bank is nervous because it doesn’t know what happened to the data. But suing Google to get that person’s identity serves what purpose? How will the bank ever be able to fully document what the recipient did with that attachment? Was it downloaded? Was it deleted? How can anyone ever be sure?
What would the bank do if the employee had left a hard copy of the list on a park bench and someone had taken it? Could they ever know if copies were made?
The bank should leave Google and the recipient alone, and treat this as lost data. Let the customers know their information has been compromised, and take the appropriate measures.
You can never get the toothpaste back into the tube.