All the encryption in the world won’t protect your data if the recipient decrypts it to store it.

AUSTIN, Texas - Equipment containing the names and Social Security numbers of about 1.3 million Texas Guaranteed Student Loan Corp. borrowers has disappeared, company officials said.
…
“It was not a security breach where someone hacked into our system,” said Sue McMillin, Texas Guaranteed’s president and chief executive.

The piece of equipment, which the company did not identify, was lost May 24. Officials said encrypted electronic files containing the data were sent to Hummingbird Ltd., which helps companies manage large amounts of information. A Hummingbird employee downloaded, decrypted and stored the files on a piece of equipment that was later lost.

We don’t know whether the mysterious “piece of equipment” was a tape, CD, USB stick, floppy disk, laptop, desktop, or stone tablet. Not that it matters.

This is an updated version of propping open the data center door. If a control is deemed too inconvenient, users will find ways to bypass it, usually rendering it ineffective in the process.

The failure here was not the technology, but rather the people and processes at Hummingbird and the contract governance by TGSL which didn’t ensure that the data was only decrypted while in use.

The Daily Incite - June 6, 2006…

June 6, 2006 Good Morning: Welcome to the day of the Devil. 06/06/06. Today I'm going to indulge my inner devil a bit and rant about the legal system here in the US. First is the patent "game" that technology companies need to play, …

Encryption is the basic step to safeguarding sensitive data, but as you’ve noted here it becomes obsolete once files are decrypted. A good solution is Digital Rights Management (DRM) technology. While encryption provides security when data is in transit, DRM gives protection once files have been recieved and decrypted. I don’t think encryption is useless, but it should be used in combination with such technology as DRM.