So, Threat Level [Wired], by way of Information Week, has a story about how Rocky Mountain Bank agent(s), sent an email to the wrong GMAIL account, including a document that should not have been sent at all containing sensitive information pertaining to nearly 1400 customers. When the agent couldn’t get a hold of the recipient who incorrectly received the information, they decided to sue Google in an attempt to identify and presumably hush the recipient. I don’t wish you good luck with that RMB.
Yah, I think the Streisand Effect is going to kick in here.
If you aren’t familiar with what the Streisand Effect is, it is basically the act of trying to hide something leading to the conflagration of what you don’t want to have public, becoming even more public than if you had just shut your mouth and moved on.
Ethically, this is all on Rocky Mountain Bank failing to due its due diligence and taking fiduciary duty or care and failing. I’m sorry, but it is not the receivers responsibility to act in any way other than to destroy the data when it receives something confidential. If they do it, is nothing more than an ethical expectation of performance. Not a legal matter. That onus is on the sender.
Personally, I have received blue prints which I promptly deleted [being a former virus bug hunter, I would open any email that came down the channel, the beauty of virtual machines and mirrored hard drives], I’ve received faxes with financial information [which I shredded and notified the sender], and most recently I had a fax sent to me with the medical information of a patient. A HIPAA violation that led me to inform the primary care physician on the letterhead that their agent sent a document to the wrong phone number and to inform them that the hospital that represented them told me to fax it along to the correct person. Making ME responsible for the data. I told that person they were not acting properly; and then, as I said, informed the physician.
Ethics are a squishy construct. Open to interpretation unless someone with authority condones a particular “correct” action, and then at least, you have someone to which you can point at and say “They said it was correct.” The receiver could possibly not speak english, or not care to respond. Either way, their anonymity should be assured because they’ve committed no crime and should be treated as a non-issue.
The sender however, should be reprimanded and their authority to send a fax, email, or otherwise filtered through another person for verification until their due diligence and responsibility can be trusted. And TRUST is a major issue in modern banking.
Related posts:
You must log in to post a comment.
{ 1 trackback }