http://netscape.com.com/4520-3513_7-6381707-1.html?partner=netscape&subj=ne_6381707&tag=ns_tech

Earlier this year, I wrote about several major data breaches at ChoicePoint, then LexisNexis. Headlines screamed how thousands--and in the case of CardSystems, millions--of individuals had their names, social security numbers, and other personal information exposed to god-knows-who. These revelations came only because of a California law, SB 1386, which requires companies to inform California residents if any data breaches occur. The Senate is currently considering a national version of the California law, but a weaker House of Representatives bill is rapidly gaining influence in Congress. If the House bill passes and becomes law first, future data breach revelations will be silenced, and data thieves will be free to run amok.
California SB 1386 is the gold standard
Passed in 2003, California law SB 1386 states that any organization conducting business with California residents must notify those individuals if files containing their names, addresses, and other personal information have been breached. Chances are very few of the customers contained within the breached data files have ever suffered actual identity thefts. The numbers, in the millions, are rough estimates of potential victims, not reported ID thefts. But they're an important insight into the unregulated data warehouse industry, where your purchases at Wal-Mart, combined with your driving history and online newsgroup postings, could someday determine whether you get a job or get that promotion you've long deserved.