Judge Says Don't Sweat The Data Leaks

from the thanks-for-looking-out dept

A judge in Minnesota ruled last month that Wells Fargo wasn't negligent in a recent data leak when a contractors' laptop was stolen -- not because they took adequate precautions to prevent the leak, but rather because the thieves never used any of the data. The bank was sued by two customers, whose claim for damages was rejected because they couldn't show they'd actually been harmed, which on one level, makes sense. But to say that Wells Fargo or its contractor wasn't negligent in storing customer data unencrypted on a laptop is a stretch. A court ruled in a similar case earlier in the year (also in US District Court in Minnesota) that a company wasn't liable because it had taken "reasonable" precautions to protect data, which, in the case, included storing unencrypted information on a laptop. So with that standard, and this new ruling that says companies are negligent not when unencrypted information is stolen, but only if it's used, do legal consequences give companies much motivation to actually bother to protect customer information in a meaningful way? Of course not. So basically, if customer information gets stolen by a thief that just wants to hawk the laptop, companies have nothing to worry about -- but why should their negligence be defined by the actions of the thief, and not on the actual theft itself?
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Japan girl, 16 Apr 2006 @ 2:23am

    Wells Fargo is Negligent and will not acknowledge

    Yeah I think it is pure negligence. The bridge analogy isn't so compatible because he or she was not paying for the bridge service, and the agreement was not made that it would safely carry the user across the river. At Wells Fargo or any other financial institution, your privacy is paramount and an agreement is made. Having personal unencrypted data outside of the premise is straight negligence to the customer's privacy. Bottom line, the customer has placed trust in ensuring the bank manages personal finance data and information and regardless of what happens the bank should be liable. Really, what kind of bank would go, "Sorry dude, some thief just swipped your money from your account." We cannot do anything about it. That's just simply bad service and untrustworthy.

    I am not exactly sure what the appropriate conclusion would be though. After all, I doubt some common thief used the personal data for his or her gain. But I would think that more appropriate and necessary measures should be taken to gain back the trust of their clients. I think the judge should have awarded some kind of penalty for a violation in the customer's privacy contract. Really that is the only way for the company to learn and where you really want the law to extend to at its maximum. It is also sad that the company didn't settle at all under some halfway point to express their apologies. However, laws should not be in place to forcefully tell the bank to encrypt their data, but they should have ruled for a violation of a contract.

    I am glad it ended up here at techdirt though, because I will not use Wells Fargo after this story.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it

Email This

This feature is only available to registered users. Register or sign in to use it.