Published on:

Encrypted Financial and Identification Data May Not be as Secure as Businesses Think

Criminal activity relating to stealing financial and identification information from the computer systems of individuals and businesses is increasing as the internet becomes more popular and people become more technologically advanced. Network security companies sell encryption software that presumably allows individuals and companies to protect the financial and identification information they keep on their computers and networks. However, a group of researchers from Princeton University recently exposed a basic flaw that would allow someone to steal encrypted information that is stored on computers. The method the researchers used was as simple as shooting cold air onto the computer memory chip with a can of dust remover which can be purchased at any hardware store. When the computer memory chip is hit with the cold air, the data on the chip is frozen for a period of time allowing the person to retrieve the information on the memory chip.

What does this mean for businesses in Jacksonville and elsewhere in Florida? The Florida data breach law requires companies whose computer security systems have been breached to notify any individual whose personal information has been materially compromised. In other words, any company that maintains personal information about an individual must notify that individual if the company’s computer system has been compromised such that the data breach likely has resulted, or likely will result, in harm to the individual. For more information about the Florida data breach law and notification requirements, please visit the discussion of this subject on our website.

There is an exception to the notification requirement in the Florida data breach law. If the personal information kept by the company was encrypted, the company does not have to notify any individuals of the data breach. However, as this study suggests, although encrypting information may remove a company from the notification requirement of the law, it does not necessarily mean that data is safe and a data breach is still possible which can subject a company to serious financial ramifications and horrible publicity.