A data breach with a twist

If the gmail account holder uses the information illegally, prosecute them for that. Otherwise, they've done nothing wrong: leave them alone. The account may even be abandoned (I've abandoned several free email accounts). Make the bank pay for credit protection for the affected customers: sending confidential information by email without some kind of control (link to password-protected retrieval site or password-protected, encrypted file) is reckless and irresponsible.

Why was this employee forwarding ANY bank information to an external email account anyway, especially gmail (same for Yahoo!, etc.). Forwarding any information to an external email account is a security breach and against company policy at many companies (including mine). Why even bother to have network security or VPNs?

I hope this employee was at least disciplined. If this was willfully sent to an external email account, I hope the person was fired.

Maybe the email recipient just hasn't looked at their email for a few days and doesn't even know the message is there. Or the account is abandoned as mentioned above.

I personally do not like to send ANY mail to anyone using a gmail or any other sort of "free" e-mail account for the specific reason that you can create as many e-mail names as you want and there is nothing done to verify who it is that is setting up the e-mail account. I absolutely do not trust any e-mail that I receive from any of these free mail domains either.

Businesses that use any sort of a "free" e-mail account are not a real business in my mind. If they can't pony up for a web site with a real IP address where you can at least see what or who the company is before you deal with them is not worth dealing with.

The current trend of cheap website hosting with no verification as to who is setting up a site is proliferating scams and all sorts of shady dealings. Domain Names should have been left in charge of a highly responsible organization which would verify and certify the legitimacy of someone registering and setting up a web site. But the barn door has been left open too long now so to quote an old addage "Buyer Beware" then so too should it be "Viewer Beware" in this day and age.

Suppose the bank had packaged up a stack of blank cashier's checks and shipped them to another bank branch - only to discover after the shipment had gone out that they had the wrong address.

The bank is obviously obligated to attempt to recover its property. A person at the mistaken address that receives the package - in spite of it being misaddressed - not only has no right to the blank checks, he/she is obligated to respond to reasonable requests to return the material.

IT JUST ISN'T ANY DIFFERENT WHEN THE INFORMATION IS PRIVATE CUSTOMER DATA AND THE MEDIUM IS ELECTRONIC.

A lot of the "blame the bank" - "this isn't Google's problem" - "leave the Gmail user alone" comments come down, in my opinion, to pseudo-libertarian notions that each of us has complete sovereignty and has no obligations to protect the rights of others. The world - and specifically this country's legal framework - is just not that cut-and-dried.

Google can't keep fighting this battle forever. It has obligations not only to its apparent customers (some of whom may not be real and as such have no rights) but also to the electronic world around it. A "Do No Evil" corporate policy is not sufficient to shield Google from its responsibilities to uphold the law.