Jonathan Stempel, Reuters:
Goldman Sachs Group Inc on Wednesday said Google Inc has blocked access to an email containing confidential client data that a contractor sent to a stranger’s Gmail account by mistake, an error that the bank said threatened a “needless and massive” breach of privacy.
This is a fascinating story. I wonder what kind of precedent this will set. Stempel, continued:
Goldman did not say how many clients were affected. It has been seeking a court order compelling Google to delete the email, which it said on Wednesday had yet to occur.
“Google complied with our request that it block access to the email,” Goldman spokeswoman Andrea Raphael said. “It has also notified us that the email account had not been accessed from the time the email was sent to the time Google blocked access. No client information has been breached.” A Google spokeswoman declined to comment.
The bank said a member of Google’s “incident response team” reported on June 26 that the email could not be deleted without a court order.
If Google initially declined to block access to the email without a court order, what made them change their minds? To the best of my knowledge, this is unprecedented. What’s the threshold for Google to block access to a mistakenly-sent email? Is exposing confidential client data from one of the world’s largest banks the bare minimum?