Rocky Mountain Bank / Gmail Fiasco Takes a Turn For the Worse
As reported by Wired, MediaPost, Informationweek, and numerous others, Rocky Mountain Bank did the equivalent of setting off a firecracker in a dark room by seeking permission to file its pleadings against Google under seal. The problem was that the lawsuit involved the bank's attempts to locate a gmail account-holder, and the bank was trying to keep quiet the fact that it had inadvertently sent an email containing sensitive private information . . . to the wrong email address.
The saga took another turn yesterday when (as reported by Wendy Davis) the court granted the bank's request to "deactivate" the account in question. Access a copy of the order [pdf] here. The order also enjoined the account-holder from accessing the confidential information, and required Google to (unless the account was dormant) disclose the identity and contact information of the account-holder.
Oy.
Quick thoughts on what went wrong:
The Bank: The bank (or a bank employee) fumbled to say the least. Sending an email containing confidential information . . . to a random gmail address? Then trying to keep it under wraps? The decision is "begging to be mocked and ridiculed," as one person said.
Bank's Lawyers: Potentially bad call on their part to sue Google and file under seal, but how else could they have handled it? One minor suggestion to the bank's lawyers: they may have been better off filing a John Doe action. People probably search lawsuits by parties, and any lawsuit involving a company like Google ends up being on everyone's radar screen. I'm not sure a John Doe lawsuit could have avoided the backlash, and whether they satisfied the requisite standards, but it was worth a shot. (As a side note, I was involved in a case in the Northern District where the other side tried to file something under seal, and the court wasn't very happy about this. The decision to file under seal wasn't unreasonable in that case, but that experience taught me to think twice about filing anything under seal.)
Google: Google did the right thing in refusing to shut down the account or turn over its contents without a court order.
That brings us to the final actor. The court. Did the court just issue an order without notice to the account-holder that the gmail account be "deactivated"? As John Morris of CDT and Prof. Goldman note, disabling an account-holder's email account is pretty serious and the order implicates the account-holder's First Amendment and privacy rights. And it didn't seem like the account-holder had much notice either? Problematic from a Due Process standpoint? At least the court's order does not require disclosure of the contents of the email account (laws regulating the access and disclosure of emails (e.g., Stored Communications Act) probably do not leave room for this type of disclosure).
I feel bad for the person at the bank that sent the email! We will all have one or more email snafus in our lives. Guaranteed. This one turned out to be plenty costly.
Update: Howard Bashman reports that the parties filed a joint motion to vacate the TRO as moot. Access a copy of the joint motion here [pdf].
Also, this post from BNA's TechLaw blog ("Selective Outrage in Rocky Mountain Bank Case") is worth reading.
The saga took another turn yesterday when (as reported by Wendy Davis) the court granted the bank's request to "deactivate" the account in question. Access a copy of the order [pdf] here. The order also enjoined the account-holder from accessing the confidential information, and required Google to (unless the account was dormant) disclose the identity and contact information of the account-holder.
Oy.
Quick thoughts on what went wrong:
Bank's Lawyers: Potentially bad call on their part to sue Google and file under seal, but how else could they have handled it? One minor suggestion to the bank's lawyers: they may have been better off filing a John Doe action. People probably search lawsuits by parties, and any lawsuit involving a company like Google ends up being on everyone's radar screen. I'm not sure a John Doe lawsuit could have avoided the backlash, and whether they satisfied the requisite standards, but it was worth a shot. (As a side note, I was involved in a case in the Northern District where the other side tried to file something under seal, and the court wasn't very happy about this. The decision to file under seal wasn't unreasonable in that case, but that experience taught me to think twice about filing anything under seal.)
Google: Google did the right thing in refusing to shut down the account or turn over its contents without a court order.
That brings us to the final actor. The court. Did the court just issue an order without notice to the account-holder that the gmail account be "deactivated"? As John Morris of CDT and Prof. Goldman note, disabling an account-holder's email account is pretty serious and the order implicates the account-holder's First Amendment and privacy rights. And it didn't seem like the account-holder had much notice either? Problematic from a Due Process standpoint? At least the court's order does not require disclosure of the contents of the email account (laws regulating the access and disclosure of emails (e.g., Stored Communications Act) probably do not leave room for this type of disclosure).
I feel bad for the person at the bank that sent the email! We will all have one or more email snafus in our lives. Guaranteed. This one turned out to be plenty costly.
Update: Howard Bashman reports that the parties filed a joint motion to vacate the TRO as moot. Access a copy of the joint motion here [pdf].
Also, this post from BNA's TechLaw blog ("Selective Outrage in Rocky Mountain Bank Case") is worth reading.
This just blows my mind. I'm sorry, but Rocky Mountain Bank was in the wrong here. Totally in the wrong. They should have reprimanded their employee instead. I would have to question as to WHY did the employee have to email ANYONE a list of sensitive information? Do people NOT know or realize that emailing from one address to another is NOT safe or confidential as we are lead to believe. Emails can be intercepted along the route by hackers and those who use script programs to spy on mail servers and such.
I sincerely hope that Rocky Mountain Bank customers have heard about this story and hope that they close their accounts at Rocky Mountain Bank PRONTO and find another bank to do business at. Rocky Mountain Bank needs to take responsibility of their own f**k up instead of blaming someone else or trying to pretend that a criminal phantom exists when it doesn't.
Just who the hell does Rocky Mountain Bank think they are to take away someone's right to have an email account? Corporations like them seriously disgust me. I hope that whoever the person is that had their email account taken away, I hope that person sues the living sh** out of Rocky Mountain Bank AND Google.
Reply to this