Specifics - Data Breach Notices

Data breaches occur when unauthorized persons gain access to databases containing personal information, like Social Security and credit card numbers. We feel that if there has been a security breach, the organization that maintains personal information about consumers, should be required to inform those consumers about the breach.

California has a law since 2003, called the California Security Breach Information Act, requiring such organizations to inform their customers if the security of their information has been compromised. Similar laws have now been passed by 22 other states. Organizations have been complying with these law nationwide [see recent example], but the new federal bill poses a threat to this progress.

Under the federal bill, a breach would only be reported when the information is likely to be misused and cause substantial harm to consumers. Given the potential bad press and high administative costs, organizations are unlikely to report most breaches under the current federal bill, leaving consumers surprised when something does happen, instead of empowering them to protect themselves.