Financial institutions don’t have to encrypt the customer database

Recently a court has ruled that under Gramm-Leach-Bliley a financial institution is not required to encrypt its customer database. The lawsuit was against Brazos Higher Education Service Corporation Inc. because one of their employees negligently stored the unencrypted customer database on a laptop that was stolen from the employee’s home (read the full article at Findlaw.com).


Do you have a bank account? Do you invest? Do you have a loan? This impacts you! It’s funny how the media has spent so much time focusing on online banking fraud and now all the financial institutions are scrambling to get measures in place (such as secondary authentication with Corillian’s Intelligent Authentication) while this kind of BS is going on in the background. While financial institutions are focusing on protecting you through the online interface they are giving up your data in mass quantity behind the scenes with unencrypted databases because it’s not required by law… Stupid. It’d be interesting to know the numbers for 2005 that tell you how many accounts were compromised due to online fraud versus how many were compromised due to whole databases being stolen. I’m willing to bet on the latter.


This court’s ruling is not in your favor as a customer. Encrypting customer databases won’t solve all our fraud problems but it’s definitely a step in the right direction. My crystal ball tells me that eventually people will wake up and push for this to happen. Wake up. Do you hear me? WAKE UP. Start pushing these financial institutions to do the right thing. Push hard enough, it’ll be in the media. When the media is pushing the issue, a law will follow shortly. Watch. You’ll see. You’ll have to push first though.
