There’s been a ton of media exposure about security breaches at major companies. Most recently, Time Warner admitted it lost data on 600,000 current and former employees. Bank of America Lost data on over 1 million people. ChoicePoint sold personal information on about 145,000 people to identity thieves. And Lexis Nexis had data on about 310,000 people improperly accessed. USA Today adds it all up and concludes:
In breaches reported publicly since February, more than 2.5 million records may have been exposed to thieves at data broker ChoicePoint, retailer DSW, news and information broker LexisNexis, the University of California at Berkeley and elsewhere.
I’ve often been asked whether federal legislation is likely. It is hard to be optimistic with Congress getting anything done lately, let alone passing bold new privacy protections. But an interesting development is that Congressional action might not be all that relevant. When it comes to consumer privacy, the states (especially California) have been leading the way. It was California’s law requiring disclosure of security breaches that prompted ChoicePoint to send letters to Californians about the breach back in February. Numerous states are now moving on new bills to address these problems. My speculation is that the companies might themselves push for federal legislation to stave off the state laws.
Originally posted at PrawfsBlawg
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics. Professor Solove also posts at his blog at LinkedIn. His blog has more than 1 million followers.