Encrypting Your Laptop Could Save You Money

compaq_laptop_hire.jpgI recently learned of Florida Statute section 817.5681 thanks to an article in The Florida Bar Journal. It seems like hardly a day goes by that there isn’t a story about a lost or stolen laptop full of confidential data. Of course, the risk isn’t limited to laptops. Hackers, unscrupulous employees, burglars, or others may breach the security of a desktop as well. Plus USB thumbdrives, portable hard drives, and personal digital assistants can also be lost, stolen, or copied and returned.

Losing unencrypted computerized “personal information” about your clients or customers can be very expensive. Florida, 36 other states, and the District of Columbia have enacted data breach laws that impose substantial duties and fines when an unauthorized person acquires unencrypted data. How expensive? How about up to $500,000.00? In addition, you must without unreasonable delay notify every Florida resident whose unencrypted personal information was acquired by an unauthorized person and restore the integrity of your computerized data system. The cost of notifying every one of your customers could be substantial.

The terms “breach” and “breach of the security of the system” mean

unlawful and unauthorized acquisition of computerized data that materially compromises the security, confidentiality, or integrity of personal information maintained by the person.

It does not, however, mean the good faith acquisition of the personal information by an employee or agent so long as the information is not used in an unauthorized manner. So, what is the “personal information” that is protected? “Personal information” means

an individual’s first name, first initial and last name, or any middle name and last name, in combination with any one or more of the following data elements when the data elements are not encrypted:

(a) Social security number.

(b) Driver’s license number or Florida Identification Card number.

(c) Account number, credit card number, or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account.

It “does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records or widely distributed media.”

There is hope though. The astute among you have already noticed the repeated use of the words “unencrypted” and “encrypted.” By definition the loss or unauthorized access to encrypted personal information does not violate the statute and is not subject to the substantial penalties or duties.

In one of those moments of serendipity, one of my favorite podcasts, Security Now with Steve Gibson and Leo Laporte, just happened to be discussing and highly recommending a hard drive encryption program called TrueCrypt. Steve Gibson really loved it. It can encrypt your laptop hard drive, portable hard drives, and flash drives. By using this or similar programs, you can protect yourself and your customers from the loss of data and the penalties of section 817.5681.

Of course, you should also use a firewall and periodically scan your computer for spyware and viruses. An estimated 500,00 to 2,000,000 computers worldwide are believed to be infected with spyware and other malware that could be used to steal personal information. A friend’s computer recently slowed to a crawl. I recommended that she download free software to scan for spyware and viruses. After days and days of scanning, she was able to identify and eliminate thousands of malware programs and the computer was good as new. I think she has learned her lesson. Don’t learn your lesson the hard way.

In closing, I can’t resist pointing out that, as usual, government protects itself from the expenses, penalties, and duties that it burdens private business with. The penalties don’t apply to governmental agencies who have custody of personal information. The penalties do, however, apply to private government contractors who lose personal information. The government is, of course, a major offender when it comes to the unauthorized disclosure of personal information. The IRS lost 490 laptops with personal taxpayer information and State of Florida lost a laptop containing Florida driver’s license numbers. Maybe the government ought to invest in a little encryption too.

Copyright Notice: All Rights Reserved Harry Thomas Hackney, P.A. 2008


2 thoughts on “Encrypting Your Laptop Could Save You Money

  1. I found your site on technorati and read a few of your other posts. Keep up the good work. I just added your RSS feed to my Google News Reader. Looking forward to reading more from you.

    Allen Taylor

  2. This is a fantastic article, it truly underscores the need for extreme security measures – especially for the small business.

    As stated by Frank Hayes, Senior news columnist, Computerworld.com,

    “We need to treat Social Security numbers and other personal information like the highly valuable, easily stolen commodities they are, and make them much harder to access in our systems….we need to encrypt, encrypt, encrypt.”

    I’ve also been a fan of True Crypt until I got scared off by the “cold boot attacks”. As a small business consultant, I am always traveling with my laptop so finding an encryption software program that provided me the utmost security was very important. I believe to have found this in nokVAULT File Encryption, a consumer based product, I bought online for about $50. What sold me was its claims of “invisible flies” and “out of OS” existence. “Outside of windows?” so I asked a friend of mine (who, not to mention is one of Canada’s leading Security experts – check him out @ http://www.jbm.net) to put it to the test and you know, the disk scanning tool I ran on my laptop could not locate ANY of the files I had protected with nokVAULT and I was sold. I guess Brent was impressed too, he’s now featured the software on his site as a “Dynamic File Encryption”..alas $50 well spent.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s