Liability for Receiving Unsolicited Sensitive Data

I got into the Gmail beta nice and early, and so my email address is johnnybravo@gmail.com, except that instead of “Johnny Bravo” it’s my actual name. My name is not terribly unique, so I get lots of misdirected emails.

Nine times in 10, I scan and then delete them. Sometimes I’ll respond if the information seems particularly sensitive or important and let them know that they need to check their info, but I feel no particular obligation to do so.

So anyway, there’s lots of Johnny Bravos in America and I often receive their email. I read a lot of them because it’s interesting.

When I get a work-related email from someone in HR or otherwise Super Important, it appends a message including the following lines:

So my question is this: if one day I get some super sensitive financial or personal information that was meant to go to the Johnny Bravo who works for Sensitive Information Database Consolidated, can I be held in any way responsible just for having it? Do disclaimers like the one above hold any weight?

AFAIK, once they send it to you, even in error, it is yours to do with as you please. If it is something like kiddie porn, you will want to remove it (and document your having done so in some way), but if Megabucks Inc. sends you their six month sales forecast, tough toenails for them.

This is assuming it is not otherwise protected, like being under copyright or something.

Regards,
Shodan

That’s standard lawyer boilerplate. Every outgoing email from my work email address has something like that on it.

I am not a lawyer. Nevertheless, I seriously doubt that there’s anything anyone can do to you for receiving an email sent to the wrong address.

Now, if that email contained information that could be defined as inside information (“this drug will kill everyone who takes it, but what the heck, let’s put it on the market anyway!”), and you traded on that information, that might be a different story.

But again, IANAL.

The key part (or in this case, lack of a part) is the “strictly prohibited by” line. Unless they mention some law, or legally binding contract that applies to YOU, it’s little more than a forcefully worded version of ‘please don’t do this’.

We have to use the stupid things at work. I agree with everyone else - they’re pretty much bogus.

No one can do anything to you because someone else screwed up and sent email to the wrong address.

Heh - yeah, it’s not enforceable. The sender screwed up, not you. That said, of course it’d be a dick move for you to do anything with the information (unless it pertained to something illegal, in which case you should turn it over to the authorities).

I used to own a domain something-or-other.org. As it happened, there was a something-or-other.com domain which was owned by a business. As I was listed as the admin contact, anything that went to an unknown address at the dot-org address got forwarded to my personal email. And a LOT of people tended to put the wrong high level domain, so I used to get misdirected email fairly often. I’d reply to them, saying “think you meant the dot-com address” and that was usually the end of that.

Except for one ditz, who kept sending to dot-org, and finally in frustration sent a really mad-sounding email saying “I don’t know why I keep getting this when I try to email you!!”.

To my dot-org address. Yeah, she was reading the email, but not noticing that she was sending it right back to the same bad address. Urgh.

I actually contacted the dot-com owner and let him know that I was getting this stuff and he might want to remind his contacts of the problem.

Another ongoing problem: my former office phone number was, say, 202-555-1212. Our phone system was set up so that faxes could be sent to the same as your voice number, and the system would intercept and email them to you. Every few months, I’d get faxes of private medical information. It turns out, there was some kind of hospital or something at 201-555-1212 and the number got messed up often enough that I got their information.

I phoned the senders when I could but mostly just deleted. Had the information been anything incriminating, would I have been liable under HIPAA if I had disclosed it?

Those disclaimers aren’t there to come after you just because you “have” it. But if you decided to forward the super sensitive information to a journalist at the New York Times, and he published it, the original sender has established some level of expectation of privacy of data, and could possibly go after the NYT.

By reading this post, you are obligated to send me $100.

Obviously, that’s unenforceable. In order for it to be, the recipient has to positively agree to the terms; you cannot force anyone to abide by any terms without consent (Why do you think software has EULAs? To make sure the user has agreed to the terms). You didn’t agree to send me money, and a recipient of the email did not agree to the terms of the disclaimer.

Mama Zappa: HIPAA’s privacy rules apply to “covered entities”: health plans, hospitals, doctors, nursing homes, etc. I doubt you’re a covered entity. If you released the information, the person who sent it to you is the one in trouble.

A separate but related question: I have at times received scam “misdirected” emails that purport to contain information about future stock prices. I assume they are part of some “pump and dump” scheme whereby the sender intends to profit from me and others going “Woohoo! Inside information!” and running out to purchase said stock.

If I were to accidentally get a real misdirected email, say from the head of corporate R&D at some Fortune 100 company to the CEO, would that trigger SEC insider trading rules?

My understanding is that the fact that Mama Zappa received faxes of private medical information is a problem for the sender whether or not she releases the information.

At work, I recently had ethics training. One of the bits was that if we received proprietary or competition sensitive information we shouldn’t have received, we were supposed to notify the sender. If we used the information, or if they found out we had it even if we didn’t use it, it could lead to us losing an awarded contract.

That may not apply to Johnny Bravo, but perhaps the notification has legal significance to some potential unintended recipients.

Correct. The originator of the faxes has violated HIPAA by sending any identifiable medical information to the wrong person.

Mama Zappa, not being (presumably) a medical person involved in that person’s care, would not fall under HIPAA rules.

ZenBeam, if I owned a company that had sensitive info and hired you, and you breached confidentiality of information you acquired by accident, I’d probably fire you. And I’d probably write that into contracts, which would make the breach of contract yours and not mine.

That’s still not the same as “legal consequences”, i.e., you’ve broken some law. And it still doesn’t make the disclaimers enforceable on whatever random person has received an email.

For a while a local school district was mistakenly faxing stuff to my work fax. It was mostly medical stuff pertaining to students. Because it was using my toner, I called and said something several times, as well as faxing the stuff back. The faxes all contained the warning at the end.

When they still failed to stop faxing to my number, I called the home number of the student mentioned in a fax. I spoke to the Mom. I told her I knew her kid’s medical info and read stuff directly to her. She was livid. The school never sent me an errant fax again.

Unless it’s actually classified information by the government (which I doubt can exist in email form anyway), I would also say you are probably safe.

That being said, taking classified documents into account, not *everything* requires a positive agreement to be enforceable. Telling the judge, “Well I never AGREED to not look at restricted/classified US documents” isn’t going to get you very far, I don’t think, even if it’s true.

Good points. For there to be legal consequences for disclosing “sensitive” or “confidential” data, there would have to be a legal cause of action (civil or criminal), administrative procedure, etc., to handle people accused of mishandling the information. Afaik there isn’t a generic “misuse of confidential information” offense or tort. If you disclosed government classified information, you might be charged with offenses related to disclosure of classified information. If you signed an employment contract not to disclose details on MegaBigCorp’s project plan to cut costs in the Denver-Salt Lake City shipping route but you sold it to Conglom-O in violation of that contract, you might be subject to suit under breach of contract. Someone who wasn’t a party to the contract might get off, but if MegaBigCorp was publicly traded and they traded on that info, they might be guilty of Insider Trading. If you were subject to HIPAA and violated its confidentiality provisions, you might be proceeded against using that. But if you weren’t subject to HIPAA’s provisions, there would be no cause of action under it against you.

Classified information doesn’t stop being classified just because someone transferred it to a different medium. Otherwise, classified documents could be legally breached by turning them into paintings, microfilm, audiotapes, mp3’s, etc. Letting people off just because they breached the info as a sound file is absurd.

And this leads to the Illegal Number issue.

Every integer in the real numbers system is just an integer, right? But apparently some plain old integers are illegal for you to possess.

All information, of all sorts, can be coded as a number (e.g., for usage in computers or other electronic media). You could, perhaps, steal a classified document, convert the data to a number, and then concoct an image file or music or video or something that has that in it. It’s all just a big sequence of 0’s and 1’s, right? And you might even send this around by e-mail. But the simple fact that you have some integer that represents a classified document means it’s illegal for you to possess that number, regardless of what media it may be on.

ETA: Also, Illegal Prime

That’s a spurious line of reasoning. The illegality of possessing the data has nothing to do with its numerical representation. It has to do with its origin and the intent and knowledge of each person passing it on. It’s never the *number* that’s “illegal.” Otherwise you could reduce any offense involving communication or information to this meaningless level of abstraction.

I don’t know how classified/restricted documents work, which is why I said “doubt” when talking about classified emails.

Seems like this might make a good question for Cecil honestly. “Can I be held legally responsible if I receive a sensitive email in error? Are there such things as classified/restricted by the government emails that would carry fines or prison sentences for unauthorized recipients?”