Encrypting Your Laptop Could Save You Money

compaq_laptop_hire.jpgI recently learned of Florida Statute section 817.5681 thanks to an article in The Florida Bar Journal. It seems like hardly a day goes by that there isn’t a story about a lost or stolen laptop full of confidential data. Of course, the risk isn’t limited to laptops. Hackers, unscrupulous employees, burglars, or others may breach the security of a desktop as well. Plus USB thumbdrives, portable hard drives, and personal digital assistants can also be lost, stolen, or copied and returned.

Losing unencrypted computerized “personal information” about your clients or customers can be very expensive. Florida, 36 other states, and the District of Columbia have enacted data breach laws that impose substantial duties and fines when an unauthorized person acquires unencrypted data. How expensive? How about up to $500,000.00? In addition, you must without unreasonable delay notify every Florida resident whose unencrypted personal information was acquired by an unauthorized person and restore the integrity of your computerized data system. The cost of notifying every one of your customers could be substantial.

The terms “breach” and “breach of the security of the system” mean

unlawful and unauthorized acquisition of computerized data that materially compromises the security, confidentiality, or integrity of personal information maintained by the person.

It does not, however, mean the good faith acquisition of the personal information by an employee or agent so long as the information is not used in an unauthorized manner. So, what is the “personal information” that is protected? “Personal information” means

an individual’s first name, first initial and last name, or any middle name and last name, in combination with any one or more of the following data elements when the data elements are not encrypted:

(a) Social security number.

(b) Driver’s license number or Florida Identification Card number.

(c) Account number, credit card number, or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account.

It “does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records or widely distributed media.”

There is hope though. The astute among you have already noticed the repeated use of the words “unencrypted” and “encrypted.” By definition the loss or unauthorized access to encrypted personal information does not violate the statute and is not subject to the substantial penalties or duties.

In one of those moments of serendipity, one of my favorite podcasts, Security Now with Steve Gibson and Leo Laporte, just happened to be discussing and highly recommending a hard drive encryption program called TrueCrypt. Steve Gibson really loved it. It can encrypt your laptop hard drive, portable hard drives, and flash drives. By using this or similar programs, you can protect yourself and your customers from the loss of data and the penalties of section 817.5681.

Of course, you should also use a firewall and periodically scan your computer for spyware and viruses. An estimated 500,00 to 2,000,000 computers worldwide are believed to be infected with spyware and other malware that could be used to steal personal information. A friend’s computer recently slowed to a crawl. I recommended that she download free software to scan for spyware and viruses. After days and days of scanning, she was able to identify and eliminate thousands of malware programs and the computer was good as new. I think she has learned her lesson. Don’t learn your lesson the hard way.

In closing, I can’t resist pointing out that, as usual, government protects itself from the expenses, penalties, and duties that it burdens private business with. The penalties don’t apply to governmental agencies who have custody of personal information. The penalties do, however, apply to private government contractors who lose personal information. The government is, of course, a major offender when it comes to the unauthorized disclosure of personal information. The IRS lost 490 laptops with personal taxpayer information and State of Florida lost a laptop containing Florida driver’s license numbers. Maybe the government ought to invest in a little encryption too.

Copyright Notice: All Rights Reserved Harry Thomas Hackney, P.A. 2008

Beware the Forgotten Spouse!

This post is based on a real case. It is an excellent example of how delay and a failure to plan can hurt you and your family.

Joe and Sally were an older couple and both had children from previous marriages. They married after knowing each other for about one year. Neither one of them was “wealthy” and they did not bother with a prenuptial agreement. In fact, Sally deeded two pieces of real property that she owned to herself and Joe creating tenancies-by-the-entireties in the properties. However, the marriage did not work out and after several years Joe returned to his home in Virginia.

Sally died fifteen years later still married to Joe. She never bothered to get a divorce or a post-nuptial agreement. Her will left everything she owned to her only son, Charlie. At the time of her death, she owned the two real pieces of property as tenancies-by- the-entireties with Joe and approximately $300,000.00 in CDs, checking accounts, and savings. All of the $300,000.00 was either payable on death to Charlie or in a joint account with him. The real properties were worth about $250,000.00. Sally and Charlie lived on one of the parcels of real property, which was Charlie’s only home. She hadn’t seen or spoken to Joe in fifteen years. They hadn’t even lived in the same state during those years. Upon hearing of Sally’s death, Joe (being no fool) immediately sought counsel and filed a claim for an elective share. He also laid claim to the two pieces of real property.

Under Florida law, Joe became the sole owner of the two pieces of real property when his “wife” died. Joe claimed an elective share in Sally’s estate. See, Fla. Stat. §732.201 et seq. Because of the elective share allowed the surviving spouse of a spouse who dies domiciled in Florida, Joe will also receive thirty percent of the funds from the CDs, checking accounts, and savings even though they were all co-owned with or payable on death to her son Charlie. In other words, Joe gets two valuable pieces of real estate worth $250,000.00 plus $90,000.00 in cash for a total of $340,000.00. Sally’s only son Charlie, the sole beneficiary of her will, receives $210,000.00 and loses his home. Somehow I don’t think that is what Sally intended to happen. I’m sure she intended for Charlie to continue living in their home and to receive all of her money, as her will provided.

The moral of this story is to not leave any loose ends. Sally could have avoided this problem by divorcing Joe when he moved to Virginia Sooner would have been better than later so as to assure a “short term marriage.” Alternatively, she and Joe could have had a prenuptial before they married or a post-nuptial agreement afterwards. Once they were married, the only way to avoid his claim to an elective share would be a trust unless he voluntarily waived his rights in writing, which is what a nuptial agreement helps with. She should never have gifted one-half of her real property to Joe. Once she did that, there was no way to undo it without Joe’s cooperation. In my experience, once such a gift is given, it is rarely, if ever, freely returned and always ends up costing the donor. For the sake of your loved one, don’t forget that long gone spouse!

Copyright Notice: All Rights Reserved Harry Thomas Hackney, P.A. 2008