These signs are commonplace now. Any company with 10 or more employees that operates within the state or sells products in California must comply with the requirements of Proposition 65. But despite predictions of "warning fatigue," it's undeniable that public-disclosure requirements have changed industry behavior and the types and manners in which certain substances are used.

Fast forward to today's data security challenge. It seems that the time has come again to apply this uniquely American policy approach -- to illuminate behavior and generate change in the way enterprises conduct business.

Indeed, some 25 state legislatures, led by California, have enacted varying laws directing businesses to notify individuals whose personal data have been compromised. A federal response requiring reporting on a nationwide basis may not be far behind.

As surprising as it may seem, coming from a business executive, this is a good thing. It will only accelerate an inevitable change in culture and business practice, encouraging today's C-suite to do something that smart executives would have done anyway. No one responsible for an enterprise's brand can accept the reputational, financial and litigation damage that come from the disclosure of a breach.

Greater transparency should also help return this issue to the realm of reality. Panic over an "epidemic" of data breaches ignores the fact that the ecosystem that makes it possible -- an increasingly networked planet in which the barriers to entry for everyone are dramatically lower -- also opens up equally powerful avenues for protection, of both the individual and the organization. These include the rapid development and spread of new encryption technologies, such as those that turn data on a misplaced laptop to gibberish.