Congress, can you hear me NOW? (commentary) - unpublicized data breaches

Congress, can you hear me NOW? (commentary) - Via PogoWasRight - Privacy News Headlines:

By Dissent:

A few nights ago, I played "catch up" on breaches after the Maryland Attorney General's office started making breach notifications publicly available on the web.

It is staggering how many breaches we never learn about because there is no central registry of breaches and most states do not make their breach notices publicly available on the web. Thankfully, three states do report on notifications received, and two of them upload the reports themselves.

Since the beginning of this year, Maryland has received approximately 64 breach notifications. New Hampshire shows 43 breach reports for 2008. Of the combined pool of 74 unique breaches, 44 breaches appeared on one of the two, but not both, states' reports. Clearly we need more states uploading their reports as some breaches may be state- or region-specific.

Even more significantly, perhaps, of the 74 unique breaches, over 2/3 never appeared in the media. If we extrapolate from the first quarter data, that's another 200 breaches per year for just those two states that might never show up in the media. How many breaches would we be talking about nationwide if we could readily access all state reports or if all breaches were required to be reported to one central federal agency that would publish the reports?

Congress has been catering to business or giving in to push-back for too long. We are way overdue for a national disclosure and notification law. If Congress can require a national ID that imposes huge financial burdens on states and taxpayers, they can darn well require a national notification law, even if it costs businesses something. After all, no business has to incur costs of notification if they keep our personal information secure, right?
