This makes sense. Even if data was encrypted, the key could have been stolen from the same house. If it was required to lock it in a safe, the same laptop could have been locked in a safe, too. It is reasonable protection to keep the data unencrypted in a house, with locked doors. If it was in a safe, the whole safe could have been taken by the burglars. Highly sensitive data should never leave a guarded area, because then the data and its access methods are the same vulnerable: the user could make a mistake, he could be forced at gunpoint to provide access, etc.
> -------- Original Message -------- > Subject: COURT SAYS UNENCRYPTED DATA OKAY > From: "Cole, John (Civ, ARL/CISD)" <[EMAIL PROTECTED]> > Date: Thu, February 16, 2006 1:04 pm > To: <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]>, "ross (ross)" <[EMAIL PROTECTED]> > > COURT SAYS UNENCRYPTED DATA OKAY > A federal judge in Minnesota has dismissed a case alleging that a > student loan company was negligent in not encrypting customer data. The > case was filed by Stacy Lawton Guin after a laptop containing > unencrypted data on about 550,000 customers of Brazos Higher Education > Service was stolen from an employee's home in 2004. Although he was not > harmed by the loss of his personal information--indeed, there have been > no reports of any fraud committed with the stolen information--Guin > argued that the Gramm-Leach-Bliley (GLB) Act required Brazos to encrypt > the data. Judge Richard Kyle rejected that claim, noting that the > legislation does not specifically require encryption. > The law states that financial services companies must "protect the > security and confidentiality of customers' nonpublic personal > information," but, according to Kyle's decision, "The GLB Act does not > prohibit someone from working with sensitive data on a laptop computer > in a home office." > CNET, 14 February 2006 > http://news.com.com/2100-1030_3-6039645.html
