Security-breach notification laws
At least 36 states have enacted legislation requiring organizations that possess sensitive personal information to warn individuals of security breaches. California led the way in the creation of these laws, driven by concerns about identity theft and lax information security. In following California's lead, other states have expanded upon the requirements of the California statute by, for example, requiring that organizations report breaches to a state regulatory agency.
Much still needs to be learned about information security practices, security breaches, and the link between these breaches and fraud. However, the proliferation of state laws has driven many businesses to call for federal security breach legislation that overrides state law. Data holders have begun to question whether consumers pay attention to security breaches, and whether most security breaches result in identity theft.
At berkeley.edu (PDF)
[ Read more ]