By Dr. Guy Bunker @guybunker
A recent story in the media, concerning Goldman Sachs and the legal action it took to require Google to delete an email that was sent to one of Google’s customers in error, is interesting in so many ways!
- It’s amazing that Goldman Sachs doesn’t appear to have technology in place to prevent this sort of thing from happening. Data Loss Prevention solutions (including our own) have been around for a long time and can readily prevent this type of leak. Newer technology, such as Adaptive Redaction, can go one step further by removing the critical information while still allowing the communication to happen.
- The advent of on-line services and data storage makes it tough to figure out where ownership and responsibility lie. In this case, Goldman had both responsibility and ownership of the information – but when they sent it to someone else, even though it was in error, should they have sought to delete it?
- Google mail crosses all sorts of geographic and political boundaries – and the laws relating to privacy differ from one to the next. What if the account it was sent to wasn’t held by an American? Is Google obliged to delete the information?
- If Google were to delete the email, could they then be sued by the recipient for interfering with the recipient’s email? I certainly wouldn’t be happy if I found my email was being deleted by my provider with my knowledge, let alone without it.
- What if the recipient has already forwarded or used the content of the email? One of the Goldman tenets is that deleting the email would prevent a “needless and massive” data breach... Actually, the breach has already happened – and suitable consequences should be meted out.
I’m sure everyone has received an email from someone by mistake... and, while you may not care to admit it, you have probably sent one to someone by mistake as well. Generally, we would probably hit ‘delete’ anyway, as it wouldn’t be all that interesting – but if it was obviously sensitive, you may not. Today, if that email contains personally identifiable information, financial information, healthcare information, or even Intellectual Property and other critical business information, there are laws that protect the individuals whose information has been abused, resulting in fines and other mitigation costs. For many, it is the reputational damage which really causes the problem, and I suspect that this story making headline news across the globe, because of the challenge to Google, will have damaged Goldman’s reputation more than if they had just admitted to it in the first place.
Changes in legislation, coupled with the increasing insider threat (“The Enemy Within”), be it inadvertent or malicious, make technology solutions such as Data Loss Prevention even more essential – whether you are an SME or a big-brand global business. Understanding where the risks are within your organization can help ensure that the appropriate solution is applied at the right point, keeping the costs down. Some of today’s solutions offer ‘everyday’ business value as well as reducing the risks. Legislation and changing working practices are creating a perfect storm for CIOs and IT directors; solutions that help them understand their critical data and its flow inside and outside the organization, so they can protect it, are now a necessity.