Saturday, December 12, 2009

Was There Any "Patient Specific" Health Information On This Stolen Merck Laptop?


If so, look for various legally-required notices to go out, far and wide, shortly. The report -- in the local Arkansas papers -- read as follows, of an event that occurred on December 1, 2009:

. . . .501 Millwood Circle: On Dec. 1, Alicia Silva of Maumelle reported the theft of an IBM T200 laptop computer from her vehicle. She told police she either left the computer on the hood of her vehicle while dropping off her child at Little Scholars Academy or it was stolen while she left the vehicle there. The computer requires a fingerprint identification to operate and belongs to her employer, Merck and Company. . . .

Interesting -- I believe that, even with the fingerprint-key feature, since the laptop's hard drive may be easily removed, and then simply dropped into a clamshell case, and connected by USB to any other computer, and all data then read, copied and potentially sold -- the notices will be required. We shall see.

2 comments:

Anonymous said...

Actually, MERCK and SP began to use a software encryption tool that would prohibit the open use of data as you would describe it.

But the laptop could be of value with a new hard drive though.

Condor said...

". . . .If encryption of stored information is employed as an access enforcement mechanism, the cryptography used is FIPS 140-2 (as amended) compliant. . . ."

I guess the question under HIPAA is whether a "breach" occurred, if the hard drive is encrypted to the FIPS 140-2 standards.

Notices are only required if "a breach" has occurred, under applicable federal rules -- which, in turn, hinges on a "no reasonable probability" of the crook being able to retain the private data standard.

So, we shall see. I just think the delivery of the notice itself will be potentially humiliating for New Merck.

Great comment! Thanks, and. . .

Namaste