When Confidential Info is in Emails

Answered by:

Question:

There is an ongoing discussion at our bank concerning receipt of an email containing confidential information either as part of the email or in a file attachment. How do you protect the bank in these types of situations? Some say that by the mere fact of receiving and opening the documents we are opening ourselves up to possible liability. We do have many valid reasons for receiving these emails.

Answer:

I think a little reason should prevail here. While I believe banks should try to impress on customers the non-secure nature of public-domain e-mail, and discourage customers from sending personal info by this route, once the message is received, the bank often has a need or even a duty to act on it.

When a customer sends a stop payment request via e-mail, it will probably include personal information like an account number. In this case, the customer is probably more concerned with getting the check stopped than she is with the security of her personal data. Perhaps she's wrong on that note, but the bank doesn't add to the risk by opening and reading the message.

First published on BankersOnline.com 2/09/04

When Confidential Info is in Emails

Related Q&As

Red Flag Program as Part of Information Security Program

About a Separate Identity Theft Prevention Program

Business Accounts: Is a resolution required for account signers?

Related Tools View All

Privacy Police Tools

Clean Desk Policy & Privacy Citation and Commendation

Website Checklist

OFAC Updates View All

Sanctions List Search

Specially Designated Nationals List (SDN)

Sanctions Programs and Information

Search Topics