Shouldn't it be possible, with what we know about cryptography available today, for banks and other companies to do business <i>without</i> having to regularly pass around files containing thousands of their customers' <i>most personal</i> identification credentials like names, addresses, SSNs and account numbers?
Using unecrypted emails and web based email services for corporate communication is really bad judgement. In Canada one of our banks used to fax confidential documents to a scrapyard operator in West Virginia - for years.
<a href="http://tinyurl.com/ycdeqm8" rel="nofollow">http://tinyurl.com/ycdeqm8</a>
<i>"Rocky Mountain Bank, working with Google (through court order), confirmed on Thursday of last week that the e-mail containing client information was never opened and has now been permanently destroyed by Google's system," Tina Martinez, general counsel for Rocky Mountain Capital, wrote in an e-mail response to questions.
"As a result, no customer data of any sort has been viewed or used by any inappropriate user during this data lapse," Martinez wrote</i><p>So basically they got unbelievably lucky. It doesn't change the fact that Google was prepared to bust down this guy's virtual door because someone said they accidentally slipped some data in his mail-slot.<p>It's still all very troubling.
Instructive to read the original outrage here: <a href="http://news.ycombinator.com/item?id=844228" rel="nofollow">http://news.ycombinator.com/item?id=844228</a><p>But in the end, they did the reasonable thing: delete the email and move on.
The interesting thing is that Google can easily read data in Gmail. I would have been happier if it was actually encrypted using the user's password or a one way hash of the user's password.