Thursday, February 23, 2006

GLB Does Not Require Encryption

A judge in a trial level federal court ruled recently that Gramm-Leach-Bliley does not require encryption of personal information.

A company employee kept unencrypted cutomer informtion on a laptop that was stolen from his home. The plaintiff argued in a Minnesota federal court that GLB imposes an obligation to protect against unauthorized access to cutomer's personal information (the court agreed) and that it included encryption.

The judge granted a motion to dismiss the lawsuit, stating that GLB does impose a legal duty that "any nonpublic personal information stored on a laptop computer should be encrypted."


Post a Comment

<< Home