We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
The Forum now has a brand new text editor, adding a bunch of handy features to use when creating posts. Read more in our how-to guide
Mis-sent email data protection question.
ChumpusRex
Posts: 352 Forumite
in Techie Stuff
I recently received what seemed to be a highly sensitive document by e-mail which was intended for someone else. I contacted the sender and drew their attention to it, and they seemed grateful enough and drew my attention to the disclaimer at the bottom of the e-mail, which basically said:
The contents of this e-mail are confidential. Blah. Blah.
If you have received it in error, you must destroy any copies that you hold. Blah blah.
Fair enough I thought. Until I realised what a pain this actually was.
It had come through a professional alias e-mail and been forwarded to my main account. From there it had been downloaded by my PC, my laptop, my home phone, my work phone and a tablet. It had been backed up onto my home server, and also onto my online backup service archive. And those were the copies that I could think of, off the top of my head.
Tracking down all these copies and deleting them could potentially be quite time consuming and inconvenient. It took me a good 45 minutes to check all the devices, mail accounts and verify that the e-mail had been deleted.
I was half tempted to send a tongue-in-cheek e-mail asking how they wanted to pay for my time, but thought better of it.
However, the questions remain:
If someone, through there negligence, sends me confidential data - how much effort am I required to go to to ensure that it is destroyed or contained?
Am I bound to the same standard of confidentiality as the sender, even though I may not be in the same position to maintain it?
Do I even need to comply with the request to destroy the data, if it would cost me in time or money to comply with it?
The contents of this e-mail are confidential. Blah. Blah.
If you have received it in error, you must destroy any copies that you hold. Blah blah.
Fair enough I thought. Until I realised what a pain this actually was.
It had come through a professional alias e-mail and been forwarded to my main account. From there it had been downloaded by my PC, my laptop, my home phone, my work phone and a tablet. It had been backed up onto my home server, and also onto my online backup service archive. And those were the copies that I could think of, off the top of my head.
Tracking down all these copies and deleting them could potentially be quite time consuming and inconvenient. It took me a good 45 minutes to check all the devices, mail accounts and verify that the e-mail had been deleted.
I was half tempted to send a tongue-in-cheek e-mail asking how they wanted to pay for my time, but thought better of it.
However, the questions remain:
If someone, through there negligence, sends me confidential data - how much effort am I required to go to to ensure that it is destroyed or contained?
Am I bound to the same standard of confidentiality as the sender, even though I may not be in the same position to maintain it?
Do I even need to comply with the request to destroy the data, if it would cost me in time or money to comply with it?
0
Comments
-
Why do you use POP3 on 5 devices? Just use IMAP or Exchange ActiveSync (what @hotmail, gmail, outlook emails use).. Then all you would've had to do is delete it from one of your devices so it syncs and then from the backup server.0
-
I DO use IMAP. And this is fine for the phones/tablets (except for when they sync with the PC where a backup is taken).
However, the PC and laptop are configured to archive e-mails locally (A friend was badly screwed because his e-mail provider deleted his IMAP mailbox because of a server error, and all his client machines responded by deleting all their local copies, leaving him without any copies of his business e-mails).0 -
ChumpusRex wrote: »Am I bound to the same standard of confidentiality as the sender, even though I may not be in the same position to maintain it?
Do I even need to comply with the request to destroy the data, if it would cost me in time or money to comply with it?
As long as you don't share the information there is no confidentiality problem. Frankly if it's difficult to destroy the data I wouldn't even bother, you can just say you thought you had. I'm not a legal expert though.It's someone else's fault.0 -
You are under no obligation at all to 'return' or delete data that has been delivered to you in error. Or even to notify them.
With 144.8 billion emails sent daily (if the info on the link below is correct) then there must be millions going to the wrong recipients, even if only a fraction are misdirected.
http://mashable.com/2012/11/27/email-stats-infographic/No free lunch, and no free laptop
0 -
ChumpusRex wrote: »Am I bound to the same standard of confidentiality as the sender, even though I may not be in the same position to maintain it?
My hunch would be no, but that you would be bound to a standard of confidentiality. Instead of just plucking ideas out of thin air, let's do some research. This page at Out-Law.com might be useful, I quote:
"Do not take it for granted that your confidentiality notice can be relied upon, however much care goes into its preparation. There is no legal authority on the value of these notices in email communications. When the notice is added automatically to every external communication, there is a risk that a court would consider that the venom in your warning has been diluted.
The value of the notice is that, if the disclosure of the content of an email becomes a subject of dispute, it would be possible to point a court to the existence of the confidentiality notice and argue that the recipient should have known to not disclose the contents of the message.
If your organisation decides that it is worth including such a notice, just be aware that it will be in a court's discretion to ignore it."
Weblaw.co.uk's opinion jibes with this.
"Under English law a recipient of a communication is obliged not to disclose its content or use it for a purpose other than the purpose for which it was communicated, if (but only if) the communication was expressly or implicitly confidential. Whether a communication is implicitly confidential depends on whether a reasonable person in the position of the recipient would regard it as confidential."
My hunch therefore is that (a) you would be in legally dubious ground if you tried to use this email to make mischief but (b) you are under no obligation to "destroy" it.
I surmise that if the information happened to be accidentally released - perhaps you accidentally forward it to somebody - you would probably be in the clear. Reason being that you aren't held to the same standards of confidentiality as the organisation that sent you the email, .e.g you don't have to demonstrate that you've taken action to positively eliminate data breaches, that kind of thing. A lawyer is probably best-placed to answer this.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 353.5K Banking & Borrowing
- 254.1K Reduce Debt & Boost Income
- 455K Spending & Discounts
- 246.6K Work, Benefits & Business
- 602.9K Mortgages, Homes & Bills
- 178.1K Life & Family
- 260.6K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards