Want to stay current on e–commerce law? Sign up for Email Newsletter.
U.S. Court Rules Student Loan Provider Not Required to Encrypt Customers Personal Data
A U.S. District Court Judge has dismissed a lawsuit against a student loan provider that was initiated by one of its customers after a laptop computer containing the customer's personal data was stolen from the home of one of the student loan provider's employees. The Judge found that neither legislation applicable to financial services providers, nor the standard of care specifically applicable to the defendant, required the defendant to encrypt its customers' personal data.
Despite there being no evidence of identify theft against any of the defendant's 550,000 customers whose personal information was stored on the laptop, the plaintiff argued that the defendant had nevertheless failed to "protect the security and confidentiality of customers' non-public personal information" as financial services companies are required to do in the U.S. under the Gramm-Leach-Bliley Act.
The Judge noted that the 1999 legislation does not specifically mandate the encryption of customer data or "prohibit someone from working with sensitive data on a laptop computer in a home office". With respect to the applicable standard of care, the Judge held that the defendant had met it with "proper safeguards" including a written security policy.
For additional information, visit:
http://news.com.com/2100-1030_3-6039645.html