Why did the agent let customer data leave?
A new rule says customer data can’t leave the company, and one email still gets out.
That’s why, after the complaint, you put an agent into outbound mail review. It reads the email text, the sender, the recipient, the rule list from the central mail gate, and the label from the AI content checker. It can warn the sender, block a send, or send the case to Legal. It can’t write new rules, and it can’t read personal inboxes.
The setup feels sane. Legal changes one rule on Monday: block customer data going to personal addresses. The admin screen says the rule is live. The agent’s weekly note says sales mail is covered, so nobody pulls a person into every send.
The weekly note
This is the kind of output Legal sees:
“New customer-data rule is live. Sales outbound mail is covered by the central mail gate. No Legal review needed this week.”
```json
{
  "report": "Weekly outbound mail review",
  "rule": "Block customer data to personal addresses",
  "status": "live",
  "checked_paths": ["laptop mail app", "browser mail", "central mail gate"],
  "agent_decision": "covered",
  "exceptions": []
}
```
That is a calming note. It sounds like the rule exists in one place, every sender uses it, and the agent checked the same thing Legal cares about.
What the agent didn’t check:
- It didn’t compare the rule on the laptop mail app with the rule shown in the admin screen.
- It didn’t check whether the laptop could say yes before the live mail gate saw the email.
- It didn’t split managed laptops with pushed updates from laptops that reconnect later.
- It didn’t line up wrong yeses with rule changes, reconnects, or the moment an old saved rule runs out.
- It didn’t count recipients, so one allowed email to several people still looked like one event.
A prospect receives a spreadsheet with another customer’s renewal notes attached.
The wider pattern
One case feels like bad luck. Across sales, the count grows with every email and every recipient sent while a laptop still has the old rule.
| Condition | What you see in the report |
|---|---|
| Same send pace; wait for new rules cut in half | Old-rule sends fall by about half only where the laptop’s saved copy can decide |
| Rule changes, reconnects, or saved rules running out | Wrong yeses bunch near those moments |
| Managed laptops with pushed rules | Fewer old-rule decisions than often-offline laptops, if both get the same mail check |
| All mail waits for the live central gate | No repeating old-rule bunches from send pace alone |
So the weekly report stops being a clean pass/fail. The Head of Legal has to ask which device sent it, which route it took, which copy of the rule it used, and how many people received it. Sales loses trust in the block notice, Legal loses trust in the report, and the customer sees their data in the wrong inbox.
You already send outbound mail through the central mail gate, and that is the right setup; what it doesn’t cover is a saved rule on a laptop that can still say yes first.
The final say
The risk isn’t that the rule is missing; it’s that two places can answer the same email at different times.
Everyone is talking about the central rule list. Nobody is talking about which copy of the rule gets the last say, so a central gate and a laptop with an old saved rule get treated like the same control.
In control engineering, this is called sample-and-hold: a controller uses the last value it sampled until the next sample arrives. Your mail agent has the same problem when yesterday’s rule keeps saying yes while today’s rule would stop the email.
Measure every outbound path by who gives the last yes, and treat saved rule copies as separate decision makers, not mirrors of the central rule.
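As an added illustration (not code from the original post), the sketch below applies that measurement to a constructed send log: it flags every allow whose last decider held an older rule than the central gate had live, and totals exposure by recipients rather than by emails. The log fields, decider names, rule versions and timestamps are assumptions made for the example.

```python
from collections import Counter
from datetime import datetime as dt

# Constructed data (assumption): when each central rule version went live.
RULE_LIVE_AT = {1: dt(2024, 6, 1, 0, 0), 2: dt(2024, 6, 3, 9, 0)}

# Constructed send log (assumption). "decider" is whoever gave the last yes/no
# before the mail left; "rule_version" is the copy of the rule it evaluated.
FIELDS = ("id", "device", "sent", "decider", "rule_version", "verdict", "recipients")
SENDS = [dict(zip(FIELDS, row)) for row in [
    ("m1", "laptop-a", dt(2024, 6, 3, 8, 30), "laptop_cache", 1, "allow", 1),
    ("m2", "laptop-a", dt(2024, 6, 3, 9, 20), "laptop_cache", 1, "allow", 3),
    ("m3", "laptop-b", dt(2024, 6, 3, 9, 25), "laptop_cache", 2, "block", 1),
    ("m4", "browser", dt(2024, 6, 3, 9, 40), "central_gate", 2, "block", 2),
    ("m5", "laptop-c", dt(2024, 6, 3, 11, 5), "laptop_cache", 1, "allow", 2),
    ("m6", "laptop-c", dt(2024, 6, 3, 11, 30), "central_gate", 2, "allow", 1),
]]

def live_version(at):
    """Newest central rule version already live at time `at` (None if none)."""
    return max((v for v, t in RULE_LIVE_AT.items() if t <= at), default=None)

def stale_allows(sends):
    """Allows where the last decider held an older rule than the central gate."""
    flagged = []
    for s in sends:
        live = live_version(s["sent"])
        if live is None or s["verdict"] != "allow" or s["rule_version"] >= live:
            continue
        # Lag = how long the old copy kept answering after the new rule went live.
        lag = s["sent"] - RULE_LIVE_AT[live]
        flagged.append({**s, "live_version": live,
                        "lag_minutes": int(lag.total_seconds() // 60)})
    return flagged

def exposure_by_decider(sends):
    """Recipients (not emails) reached through stale allows, per last-yes decider."""
    totals = Counter()
    for s in stale_allows(sends):
        totals[s["decider"]] += s["recipients"]
    return dict(totals)

if __name__ == "__main__":
    for s in stale_allows(SENDS):
        print(s["id"], s["device"], s["decider"], f"v{s['rule_version']} vs live v{s['live_version']}",
              f"+{s['lag_minutes']} min", f"{s['recipients']} recipients")
    print(exposure_by_decider(SENDS))
```

Grouping the flagged sends by `lag_minutes` is what shows whether wrong yeses bunch after rule changes and reconnects.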
If your team needs engineers who trace mail paths by the last yes before customer data leaves, that’s what we do at InTheValley.
