The position I find myself in is that an organisation has sent my highly confidential and sensitive medical and financial documents to another party by unencrypted e-mail. I have no problem with the second party having seen said documents but I'm very disturbed by the fact that these documents were transmitted in this way, which as far as I understand means they will have transited over a number of servers en-route, which could be controlled by almost anyone who could be copying or forwarding e-mails passing over their servers. The destination e-mail address is a gmail address, which means that my confidential documents are now in the possession of Google and will be sitting on their servers for at least six years, even if the recipient deletes the e-mail. One way I sometimes think of to explain how e-mail works is writing something on a postcard, going down to the marketplace and shouting "Can anyone take this message to sometown?" and some stranger says "I'm not going all the way to sometown but I'm going in that direction, so when I get where I'm going, I can go to the marketplace and find someone who can carry it on towards sometown", so I give this stranger the postcard, taking the risk that he might read it or copy down the contents, as might the other strangers he passes it to on the way to it's final destination. However, that ignores the risk of interception with e-mail, so perhaps a better analogy would be sending the information via a radio transmitter, which can only transmit a short distance and the signal is then picked up by a repeater station (which could be under the control of anyone, who could record the information) and re-transmitted and this is repeated until the broadcast reaches the intended recipient. Obviously anyone who decides to listen in to the broadcasts will hear the information as well but maybe that's not a great analogy either, as intercepting e-mail is a bit more complicated than just tuning a radio to a certain frequency. Anyway, even if my analogies are good I obviously can't take action on the basis of what I understand the situation to be and will need some authoritative source which explains it, which I can show to a solicitor or use as evidence myself if I can't find anyone to act for me. So I was wondering if anyone can point me to such sources explaining how unencrypted e-mail is at risk of being intercepted or copied and that any e-mails and attachments sent to google servers are in their possession and not just the intended recipients?