Security Data Breach Notification Laws
From afar, the data breach notification system may seem wholesome, however look a bit closer and you will find many insufficiencies made up of inconsistent state data breach laws that compose our nation’s standard defense against data breaches. The inconsistencies in state data breach laws cause insufficient protection of citizens, unnecessary complexities for businesses, and de-facto national requirements. Data breaches cause corporations millions of dollars and is one of the fastest growing crimes committed. For instance, California is witnessing identity theft as one of the fastest growing crimes committed. In 2000, the Los Angeles County Sheriff’s Department reported 1,932 identity theft cases, which was a 108 percent increase from the previous year. After a large amount of customer databases containing personal information were breached, security data breach notification laws were enacted by most American states since 2002. Specifically, the first security breach notification law introduced by California State Senator Peace on February 12, 2002 was law Senate Bill No. 1386 (“SB 1386”) in the state of California; it was passed unanimously by the California Senate and Assembly and it became effective July 1, 2003. Since most states follow California’s security breach laws and California is leading the nations effort in security data breach laws, I will be discussing California’s data laws in further detail, as this will focus in on issues regarding data laws in general. SB 1386 requires any company that stores its customer’s unencrypted date electronically to notify the customers if a security breach has taken place or if they have reason to believe that unencrypted date has been stolen. As defined by California’s law, personal information “includes any user name or email address, in combination with a password or security question and answer that would permit access to an online account [as well as...
Please join StudyMode to read the full document