A couple of people pointed to this Eli Lilly email gaffe story in Portfolio.  I didn't read it closely at first, but on second read it's definitely a cautionary tale. 

The basic story is that lawyers are working on behalf of Eli Lilly to craft a confidential settlement.  One of the firms (whose name shall remain unmentioned for Karmic reasons) sends a comprehensive memorandum to co-counsel.  Except that the email lands in the inbox of a times reporter who shares the same last name as the original intended recipient.  D'oh.  The Times went ahead and did a front page story ("Lilly in Settlement Talks with U.S."). 

My initial reaction is that I hope no law firm associate or staff was involved in the sending of that email message.  That's going to make for a difficult couple of months at the office.  But getting back to the story, what compounded the problem was Lilly's statement in the article:


Ouch.  I think the big take away from this story is that it pays to disable your autocomplete feature!  That, and another helpful suggestion (always delay sends) can be found here.  (On a related note, does the recall feature ever work . . . except to put the recipient on notice that you are frantically trying to recall the message?) 

Someone asked me what I thought about the enforceability of disclaimers and whether the journalist somehow landed him or herself in hot water by using the information in the unsolicited email.  My reaction as to whether those ubiquitous and sometimes annoying disclaimers are enforceable?:

I would guess (and I don't think anyone knows the definitive answer at this point) that an email disclaimer is probably not binding.  Most senders include a disclaimer for their own protection, to be able to argue that they took reasonable steps to restrict the free dissemination of confidential or other sensitive information (which often belongs to the client).  But as a simple matter of contract law, no one has asked you in advance if you agree to the terms of the disclaimer before you open and access the message.  Ironically, you have to open the message and read its contents, before you get down to the disclaimer which is often found at the bottom.  Where someone sends you an unsolicited email this applies with greater force.  You have no relationship to the sender, no course of conduct regarding treatment of information and emails - it's tough to argue that you as the recipient have an obligation to obey the terms of the disclaimer.  There may be other laws which apply which may prevent you from forwarding an email or otherwise exploiting its contents, but generally speaking, the disclaimer alone could probably not be used to preclude you from discussing the email or its contents.  A disclaimer may put you on notice that you have encountered third party confidential information and should proceed with caution, but honestly, disclaimers are so ubiquitous that it would be tough to take this argument seriously. Still, it's something the recipient should keep in mind.

The final thought is that things like this are bound to happen.  Everyone will have some instance in their career where they cause a sensitive email to be sent to the wrong person.

More:  it turned out my decision to not mention the name of the law firm was prescient (in addition to being appropriate from a Karmic standpoint): 


So says Drug and Device Law.