GLB Does Not Require Encryption
A judge in a trial level federal court ruled recently that Gramm-Leach-Bliley does not require encryption of personal information.
A company employee kept unencrypted cutomer informtion on a laptop that was stolen from his home. The plaintiff argued in a Minnesota federal court that GLB imposes an obligation to protect against unauthorized access to cutomer's personal information (the court agreed) and that it included encryption.
The judge granted a motion to dismiss the lawsuit, stating that GLB does impose a legal duty that "any nonpublic personal information stored on a laptop computer should be encrypted."
A company employee kept unencrypted cutomer informtion on a laptop that was stolen from his home. The plaintiff argued in a Minnesota federal court that GLB imposes an obligation to protect against unauthorized access to cutomer's personal information (the court agreed) and that it included encryption.
The judge granted a motion to dismiss the lawsuit, stating that GLB does impose a legal duty that "any nonpublic personal information stored on a laptop computer should be encrypted."