Lax Breach Laws Endanger Businesses

Weak Notification Requirements Hurt Consumers

By , February 20, 2012.

Data breaches are under-reported, and breached organizations aren't giving consumers the information they need about these compromises, says Karen Barney of the Identity Theft Resource Center.

The chief reasons: Lack of a national breach notification law in the U.S., and the variations among the different state laws.

Currently, 47 states have breach notification laws, but interstate variations make reporting challenging. "I think a lot of businesses don't really know how many laws they have to deal with," says Barney, who oversees market research and data for the San Diego-based Identity Theft Resource Center.

"Current state notification laws have such a wide variety of loopholes."

Over the past five years, the ITRC has categorized nearly 700 breaches that had national reaches, though few, if any, were reported as such. [See the ITRC's state-by-state breach analysis.]

Most businesses and organizations, when complying with state notification laws, have traditionally only notified Attorneys General of the states where the entities are headquartered - not where the compromised customers reside.

California, Florida and Texas consistently rank the highest, with breaches in Texas representing 38.3 percent of all data breaches in 2011. "Does this mean these states were hit the hardest?" Barney asks. "We don't think so. They just did a better job of reporting."

During this interview, Barney discusses:

  • Steps banks, businesses and government are taking to notify consumers when breaches occur;
  • Why organizations should view adequate breach notification from branding and reputational perspectives;
  • How insufficient breach notification has impacted reporting figures.

Barney, a former victim of identity theft, has served in a variety of positions for the Identity Theft Resource Center since joining in 2002. In her current role as the center's program director and research analyst, she provides and disseminates information about the center and its data. Barney presents ID theft statistics to civic and community organizations, especially where cybersecurity risks, consumer and business best practices, and protection of PII are concerned. She also plays an active role in most of the ITRC's partnerships.

Follow Tracy Kitten on Twitter: @FraudBlogger
