On MovieTome: The 10 worst movies of 2009 so far!
BNET Business Network:
BNET
TechRepublic
ZDNet
24 TalkBacks

By Declan McCullagh
Posted on ZDNet News: Feb 15, 2006 1:29:00 AM

A federal court has thrown out a lawsuit that accused a student-loan provider of negligence in failing to encrypt a customer database that was subsequently stolen.

Stacy Lawton Guin, a customer of Brazos Higher Education Service, sued the corporation on the grounds that encryption should be used as a routine security precaution.

But U.S. District Judge Richard Kyle in Minnesota dismissed the case last week, saying Brazos had a written security policy and other "proper safeguards" for customers' information and that it acted "with reasonable care" even without encrypting the database.

ID fraud help

Identity fraud isn't that likely to happen to you, but it does occur. CNET News.com has compiled a resource center with background information, statistics, and tips. A recent debit-card theft case has also drawn attention, and in response we've created a list of frequently-asked questions. Security protection is also being discussed at this week's RSA Conference.

The case arose as a result of a burglary at the Silver Spring, Md., home of John Wright, a Brazos financial analyst who worked remotely and analyzed loan portfolios. During that September 2004 burglary, a laptop with personal information about Brazos customers was stolen.

Brazos hired a private investigative firm, Global Options, to recover the laptop, but this was unsuccessful. The judge noted that there was no evidence that the database on the stolen laptop was used for identity fraud. After the theft, Brazos contacted approximately 550,000 of its customers to let them know of the situation and to suggest they place a security alert on their credit bureau files.

Even though he had not actually been harmed as a result of the theft, Guin argued, Brazos was required by the Gramm-Leach-Bliley Act to encrypt personal information and limit its disclosure. The 1999 law requires financial service companies "to protect the security and confidentiality of customers' nonpublic personal information."

Judge Kyle disagreed, saying that the house was in a relatively low-crime neighborhood and that the law does not specifically mandate encryption. "The GLB Act does not prohibit someone from working with sensitive data on a laptop computer in a home office," Kyle wrote. "Despite Guin's persistent argument that any nonpublic personal information stored on a laptop computer should be encrypted, the GLB Act does not contain any such requirement."

SponsoredWhite Papers, Webcasts, and Downloads

  • Talkback
  • Most Recent of 24 Talkback(s)
Users Aren't Necessarily Security Experts
The fact that something is available does not mean that everyone knows about it. Courts have to judge based on the standard of what it is clear that every reasonable person in a particular situation,... (Read the rest)
Posted by: nbarclay Posted on: 02/16/06 You are currently: a Guest | | Terms of Use
The judge is flat out wrong  bitflippper1 | 02/15/06
The judge is just acting.....  robertk2 | 02/16/06
Users Aren't Necessarily Security Experts  nbarclay | 02/16/06
I see major negligence here.  Mr. Roboto | 02/15/06
I agree  voska | 02/15/06
This is why you get squat...  Chad_z | 02/15/06
Jeez - What does the OS have to do with this?  Confused by religion | 02/15/06
..because..  5th Limb in the Kisser | 02/15/06
Get that thing out of your mouth and start making sense  Confused by religion | 02/15/06
but it just tastes SOOOOOOOO good!  5th Limb in the Kisser | 02/15/06
My mistake  Chad_z | 02/15/06
like you typically say though..  5th Limb in the Kisser | 02/15/06
So if I steal your Linux box it's ok?  No_Ax_to_Grind | 02/15/06
so long as you pony up the cash!  5th Limb in the Kisser | 02/15/06
This is bad news for consumers...  BitTwiddler | 02/15/06
I'm SHOCKED  5th Limb in the Kisser | 02/15/06
Yes, the world does indeed need DRM.  No_Ax_to_Grind | 02/15/06
DRM doesn't help  rhavyn | 02/15/06
What the?!? Do you even understand the diff between encryption and DRM?!?  xunil skcor | 02/15/06
Definitly wrong  TLG_z | 02/15/06
Encrypting sensitive data (Company Routine)  theshrink@... | 02/15/06
Encryption  461wa127 | 02/16/06
Law NEEDS to be changed.  jwschull@... | 02/16/06
Ex post facto laws are unconstitutional!  nbarclay | 02/16/06

What do you think?

Essential Topics Click Here

advertisement
advertisement

White Papers, Webcasts, and Downloads

SmartPlanet

  • Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
  • More from IBM
  • Innovate your business' process model, play against the market, compete against others on our scoreboards and WIN! Try INNOV8 2.0: A BPM Simulator
  • Enabling Real-World Business Transformation through IBM Service Management Read the EMA Analyst Report
Click Here