Identity Theft Encryption Not Required as Judge Rules for Financial Institutions
New court ruling means a financial institution does NOT
have to encrypt a customer record database. The ruling judge
"throws out" the consumer's lawsuit against
the company from which thieves stole a laptop
containing the personal identity & information
of over 500,000 consumers.
Not Congress, not big profit-only financial institutions, and
certainly not data brokers have your best interests in mind
when it comes to protecting consumer information against
thieves (remember ChoicePoint was actually selling data to
an identity theft ring).
Now a federal court, with this recent decision, affirms how
the odds really are stacked against consumers like all of us
when it comes to becoming an identity theft victim.
The target of the lawsuit is a USA-based financial
institution, which means it's regulated under the
Gramm-Leach-Bliley Act (GLBA). The GLBA Security
Guidelines require regulated entities to "establish appropriate
standards for the financial institutions subject to their
jurisdiction relating to administrative, technical, and
(1) to insure the security and confidentiality of
customer records and information;
(2) to protect against any anticipated threats or
hazards to the security or integrity of such
(3) to protect against unauthorized access to
or use of such records or information which
could result in substantial harm or
inconvenience to any customer."
What this means in everyday language is the GLB
law requires lender financial institutions to take
"reasonable measures" to do everything
possible to protect their customers' sensitive
While transmission of data was covered,
evidently encryption of the personal information
contained on the company's laptop was not deemed
applicable by the ruling judge under the GLB law.
So, technical legal loopholes in the judge's
interpretation of "reasonable measures" aside,
the key takeaway of this article is that consumers are
on their own when it comes to protecting
their personal data.
So, our tip for today is to contact your financial
institutions to opt out of data sharing of
your personal information. Also, ask
them to mail you a statement of how they
safeguard your data. Where these
companies use your Social Security
number (SSN) as the primary account
identifier, request that a random or alternate
number be pinned to your file. Plus,
demand a secondary security access
password of your choosing, which will be
required when your file is accessed
over the phone during customer service calls.
Finally, to round out your practice of denying access
to your sensitive personal information, prevent and
limit your potential damage by adopting an
automatic notification alert service for suspicious
activity typically indicating early signs of identity theft.