Ahead of a court order that is still pending, and at the request of the sender’s employer, Google has blocked delivery of a single email mistakenly sent to the wrong address. As most of you can attest, doing something like this, while technically possible within certain parameters, is usually not done for a variety of reasons, not the least of which is opening the Pandora’s box of requests for Google to do the same thing for every email sent to the wrong address or for the wrong reasons. In this particular instance, the sender was a contractor for Goldman Sachs, and the email in question contained significant sensitive customer data. Rather than risk a significant exposure for the customers whose data was contained in the email, and to save Goldman Sachs from considerable liability, Google acquiesced to the request, a step that normally requires a court order.
What this means for you:
The only reason this was even possible in the first place was that the unintended recipient hadn’t actually accessed the account since the email was sent. Google therefore knew for certain that the email hadn’t been read, and so it could be “un-sent.” You may have experienced both the relief and disappointment of attempting to “unsend” emails via your own company’s Exchange server, which can recall unread emails, but once the email has been opened by the recipient, intended or not, there’s no way to unsend it. What you should really be taking away from this is the question of why someone was using email to send a report with such sensitive information in the first place. In this case, convenience and ease of use led to a near-catastrophic breach. Do you use email to exchange confidential information with other parties? If you do, you should carefully consider the consequences of a misdelivered email, and what it might cost your organization.