It's precisely the threat that companies must notify consumers each time that makes the California law so useful: It finally requires that the CEO and board of directors pay attention. And, notifying all consumers is costly -- one survey I read said that notifying customers after a security breach cost companies about $70 per notification, and that 40 percent of affected customers at least considered ending their affiliation with the breached company.
The mere fact that 40 percent of affected customers considered ending their relationship with an entity begs for full disclosure of security breaches. Forty percent of people, whether it impacted them or not, thought the information important enough to affect their lives. Congress, are you listening?
The information provided on the House Committee on Energy and Commerce's Web site says the following: "The FTC says that over a one-year period, nearly 10 million people had discovered that they were victims of identity theft. Estimated losses translated into $48 billion for businesses and $5 billion to consumers." How many of next year's consumers will not by notified if the DATA Act passes?
Take 15 minutes tonight to e-mail your state representatives about the DATA Act's shortcomings (H.R. 4127). The poorly written bill was passed along party lines out of a House Energy and Commerce subcommittee on Nov. 3, and it will now go on to larger votes in the Energy and Commerce committee, then the House of Representatives and the Senate.
And there is another option available: as we go to press, the Senate is set to vote on a similar bill that passed out of subcommittee, the Personal Data Privacy and Security Act of 2005, S.1332, and the related S.1789 bill. Although any exceptions supercede state laws, this proposed law has hard and fast rules over materiality (more than 10,000 personal records compromised), imposes jail terms for those who willfully neglect to notify affected consumers, and contains a lot of other very welcome language. It's not perfect, but let's hope the Senate version is pushed to the House vs. the other way around.