I'm not defending Brazos on this one but your comment is a little unreasonable. How many people do you know that lock their laptops up in a safe at the end of the day? The more appropriate control would be desktop encryption or not having that data on a laptop in the first place. But anyone who works in the security industry knows that desktop encryption isn't the most widely used technology yet. And who's fault is that? Its easy for security professionals to call out companies for doing seemingly stupid things, but maybe instead of criticizing, we should do a better job educating.

Guin picked the wrong battle. He couldn't prove his data was on the laptop nor could he prove any injury. Data breach laws are still maturing. Challenging the law in a case where the laptop was stolen from a house probably wasn't the best move. There are numerous companies out there that have done much worse.

Whether the defendent was truly negligent or just under educated on proper security controls will never be known. With laws in their current form, I think the courts made the right decision.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/387/33174#33174