Welcome to the wide world of litigation (Score 1)

This is not an uncommon situation by any stretch of the imagination. NY state just enacted its Breach Notification act stating that any company that loses customer data must disclose this loss to its customers... with the HUGE loophole that if the data is encrypted (not mentioned what form of encryption), no disclosure needs to take place. HIPAA also states something to the same effect with our patient privacy rights... paraphrase: Any open band communication must be encrypted, any data that travels on insecure networks... neither laws mention encryption standards in anyway merely that the effort be made. Scary times we live in.