COURT SAYS UNENCRYPTED DATA OKAY
A federal judge in Minnesota has dismissed a case alleging that a
student loan company was negligent in not encrypting customer data. The
case was filed by Stacy Lawton Guin after a laptop containing
unencrypted data on about 550,000 customers of Brazos Higher Education
Service was stolen from an employee's home in 2004. Although he was not
harmed by the loss of his personal information--indeed, there have been
no reports of any fraud committed with the stolen information--Guin
argued that the Gramm-Leach-Bliley (GLB) Act required Brazos to encrypt
the data. Judge Richard Kyle rejected that claim, noting that the
legislation does not specifically require encryption.
The law states that financial services companies must "protect the
security and confidentiality of customers' nonpublic personal
information," but, according to Kyle's decision, "The GLB Act does not
prohibit someone from working with sensitive data on a laptop computer
in a home office."
CNET, 14 February 2006
http://news.com.com/2100-1030_3-6039645.html
