US Court Finds Corporation not Negligent for Failing to Encrypt Database

On a summary motion, a US District Court Judge in Minnesota has found that an employer was not negligent when an employee's laptop computer containing a customer's personal information was stolen from his home, and further found that there was no duty to see that the personal data was encrypted. The plaintiff, Guin, had argued that a financial services security statute that required encryption of personal information also applied to the homeworker's computer. After finding that the use by the employee of the laptop at home, even containing sensitive data, was not in itself a breach of the statute, the Judge went on to deal with the question of the alleged breach of a common law duty of care. The Court found that because the employer, Brazos Higher Education Service Corp, had written policies in place to protect personal information, had trained its employee and that he had transmitted and used data in accordance with those policies, there was no breach of duty to Guin. For a news report of the case, Guin v Brazos Higher Education Service Corp 2006 WL 288483 (D Minn, Feb. 7, 2006) see: http://news.com.com/2100-1030_3-6039645.html For the full text of the reasons for judgement, visit: www.nysd.uscourts.gov/courtweb/pdf/D08MNXC/06-00529.PDF Summary by: The Editor