A US bank has taken Google to court in a bid to force the search giant to hand over information relating to a Gmail account that the financial institution wrongly sent sensitive customer data to.
According to a court document published by Wired Magazine, Wyoming-based Rocky Mountain Bank received a request from a customer in August asking for loan documents to be sent to a third party.
A bank employee sent the documents to the wrong Gmail address and also attached a file containing confidential information for 1325 individual and business accounts that were not relevant to the customer. The file includes names, addresses, tax identification numbers and loan information.
After discovering the mistake the following day, the bank unsuccessfully tried to recall the e-mail. It then e-mailed the inadvertent recipient, asking them to delete the original message without reading it. The recipient has not responded.
Rocky Mountain Bank then asked Google for information on the account but the firm said it would not assist unless forced to do so by a court order. The bank has taken legal action and its request is currently being considered.
Meanwhile, the bank filed a motion asking for complaint and motion papers to be sealed to ensure customers do not find out about the error, arguing disclosure would cause unnecessary panic and a surge of inquiries.
The bank says it needs to know whether the account is active or dormant - and therefore whether the information may have been misused - before advising customers.
However, Judge Ronald Whyte, US District Court for the Northern District of California rejected the argument, saying: "An attempt by a bank to shield information about an unauthorized disclosure of confidential customer information until it can determine whether or not that information has been further disclosed and/or misused does not constitute a compelling reason that overrides the public's common law right of access to court filings."
He continues: "Plaintiff is already able to advise its customers that there has been an unauthorized disclosure of confidential customer information, and inform them of the steps it is taking to rectify the situation."