I've worked for two of GS's competitors. Any email with confidential information (internal or external) has to be encrypted and signed. Standard operating procedure. I assume it is at GS too and this fella, like most folks on the investment side, just didn't give a hoot about the SOP.