Spears Legal Technology


This blog is a resource guide for informational purposes only, and not the delivery of legal, technical or other professional advice. Using the information provided on this blog does not constitute an attorney-client relationship. If you need legal advice, please consult your lawyer.

Goldman says client data leaked, wants Google to delete email

Goldman Sachs has filed a lawsuit in the New York State Supreme Court to force Google to delete an email that was accidentally sent by a contractor.

Goldman said the contractor meant to email her report, which contained the client data, to a "gs.com" account, but instead sent it to a similarly named, unrelated "gmail.com" account.

The bank said it has been unable to retrieve the report or get a response from the Gmail account owner. It said a member of Google's "incident response team" reported on June 26 that the email cannot be deleted without a court order.

"Emergency relief is necessary to avoid the risk of inflicting a needless and massive privacy violation upon Goldman Sachs' clients, and to avoid the risk of unnecessary reputational damage to Goldman Sachs," the bank said.

"By contrast, Google faces little more than the minor inconvenience of intercepting a single email - an email that was indisputably sent in error," it added.

My questions are these: If losing the data would truly result in “a massive privacy violation” why wasn’t Goldman’s either encrypting the data itself or using software to encrypt their email (such as the freely available PGP)? And why should Google be legally responsible for cleaning up after companies who do not follow best (or even good) data protection practices?


blog comments powered by Disqus