Goldman Sachs Demands Google Unsend One of Its E-mails

rudy_wayne (414635) writes A Goldman Sachs contractor was testing internal changes made to Goldman Sachs system and prepared a report with sensitive client information, including details on brokerage accounts. The report was accidentally e-mailed to a 'gmail.com' address rather than the correct 'gs.com' address. Google told Goldman Sachs on June 26 that it couldn't just reach into Gmail and delete the e-mail without a court order. Goldman Sachs filed with the New York Supreme Court, requesting "emergency relief" to avoid a privacy violation and "avoid the risk of unnecessary reputational damage to Goldman Sachs."

Reputational Damage

[what2123]

Ha. Hahahaha. Ha.

Re:Reputational Damage

[flyingsquid]

So basically what happened is that someone started typing an email to "Joeblow@gs.com" and got as far as "Joeblow@g" before the autocomplete helpfully added "gmail.com". And then they hit "send". Through a combination of carelessness and cluelessness, this employee managed to put hundreds of millions if not billions of dollars of customer funds at risk. Well, given what happened the last time Goldman made a mistake of this magnitude, it's clear that there's only one course of action for the company. And that's to give this employee a massive bonus.

Re:Reputational Damage

[Em+Adespoton]

What this also indicates is that "Joeblow@gmail.com" was already in the employee's address book, which means it is someone they correspond with. Given this, did the employee then contact that person and ask them to delete the previous email? I presume they did, and got a "fat chance" in reply. And if THIS was the case, you can rest assured that "Joeblow@gmail.com" has already saved the email elsewhere and likely forwarded it to other email addresses; so this attempt at a court order, while it may show that the employee was attempting to do the right thing (so protecting their job), won't actually accomplish anything in the name of privacy or "name polishing".

It's like Barbara Streisand has suddenly requested the world forget about her... and they have.

Non-story.

[u38cg]

Already blocked

Re:Non-story.

[mwvdlee]

Just because an issue was quickly resolved doesn't make it a non-story.

If Goldman Sachs uses the insecure SMTP protocol to transmit highly sensitive unencrypted data, they deserve the reputation damage (and a security audit).

Yeah

[boristdog]

Barbara Striesand never returns my e-mails either.

E-mail?

[Scutter]

Massive privacy breach....e-mailed a report...containing sensitive details...e-mailed...

The problem here isn't that it was sent to the wrong account. It's that it was e-mailed AT ALL.

Re:E-mail?

[MikeBabcock]

Good luck explaining this to companies ... I'm still working over people who insist on sending confidential Excel spreadsheets by E-mail.

Re:E-mail?

[Dr.+Evil]

"testing internal changes... with sensitive client information"

Should violate all security policies right there.

Too late

[Slizzo]

"avoid the risk of unnecessary reputational damage to Goldman Sachs." I'd say it's too late for that now, mate.

Re:Disclaimer?

[blane.bramble]

The problem with that is, is if was sent to your email address, you are the intended recipient.

Re:why?

[Anrego]

This all seems fairly reasonable to me.

You have enough people doing enough things, eventually someone is going to make a stupid mistake. In hindsight there is probably plenty of stuff that could have or should have been in place to prevent this, but then there always is when looking back at a problem.

Google seems to be acting reasonably. Putting a process in place where companies can quickly and conveniently "take back" emails seems like a bad idea. Requiring a court order ensures that this goes through a strict process and is well documented. Google doesn't seem to be "fighting" this so much as saying "get a court to tell us to and we'll happily do it for you".

And I don't get the impression that Goldman Sachs is pounding their fists on the desk here either. They are doing everything they can to repair or prevent damage caused by a mistake they made. They are seeking out the court order and probably other stuff internally.

Re:Disclaimer?

[u38cg]

These disclaimers are worthless (legally), as you can't accept conditions just by receiving something; none of the heads of contract are satisfied. However, if they motivate the receiving party to do what you want them to then they serve their purpose.

Re:Disclaimer?

[msauve]

What's your email address? Because, I want to send you an email with a giant disclosure at the end which says you owe me $1 million if you read the email.

Re:Disclaimer?

[blane.bramble]

I've also seen a creditable argument that because the disclaimer is at the end of the email, and you would have to read the email and therefore all of it's content before reading the disclaimer that warns you not to, that they are particularly worthless.

Re:Disclaimer?

[fuzznutz]

At least every lawyer type e-mail I get has a giant disclaimer at the end if you are NOT the intended recipient. Perhaps GS should have considered using that? Over paid dopes.

Every time I see one of those worthless disclaimers, I crack up. You can't unring a bell and I am under NO obligation to delete any email that was sent to me if it was addressed to my email account. If you typed the wrong address, that's your problem, not mine.

Re:why?

[JaredOfEuropa]

The real question is: should the court order such an action, and under what conditions?

Analogy alert: GS mistakenly sends me a letter by physical mail, then asks the post office (or asks a judge to order the post office) to send a mailman round, break into my house, and retrieve the letter. That clearly won't happen; worst case is that the judge would order me to surrender the letter. In case of email, is Google (under their terms & conditions and the letter of the law) allowed to "break into" my mailbox and remove the offending letter? And should they be?

Unsending E-mail

[DERoss]

The ancient Roman Horace (65-8 bce) said: "Once a word has been allowed to escape, it cannot be recalled."

More recently, Omar, the Tentmaker (died ca 1123 ce) said:
"The moving finger writes; and, having writ,
Moves on: nor all your Piety or Wit
Shall lure it back to cancel half a Line,
Nor all your Tears wash out a Word of it."

Email Insecure

[Roger+W+Moore]

Through a combination of carelessness and cluelessness, this employee managed to put hundreds of millions if not billions of dollars of customer funds at risk.

Sending information like this via email is where the mistake happened, not mistyping the address. Email is not secure even if it is sent to the right address you have no control over how it gets there and it could be easily intercepted and read enroute. Their reputation loss has already occurred by admitting that they use email for highly sensitive information like this.