Breach notification laws
Tuesday, November 10th, 2009
Breach Notification Laws are here to stay, folks.
California started its version in 2003, followed by Arkansas in 2005. Now 45 states have laws that require companies to notify residents of the respective states if their Personally Identifiable Information (PII) has been breached.
What’s next? There are two current bills on the Senate floor in DC, both federal laws (meaning they will supersede the state laws and all companies nationally will have to comply). One of them, by Leahy-VT, will actually permit more pervasive state laws to be in effect (for example, the far-reaching Mass Privacy Law CMR 201 17), while the other, by Feinstein-CA, allows for “Safe Harbors” (meaning that if the breach was not malicious, notification is not necessary).
Follow this blog over the coming months for more information on such laws and how to comply with them.
Encouraging you to embrace obfuscation (TM),
Rajesh
MENTIS Software