Data security breaches: the state of notification laws

California's Security Breach Information Act (SBIA), which took effect Jul 1, 2003, was the first state law to impose a general obligation on businesses to notify the state's residents of data security breaches involving their personal information. The most important variation on the SBIA...

Full description

Saved in:
Bibliographic Details
Published in:Intellectual property & technology law journal 2007-07, Vol.19 (7), p.5
Main Author: Silverman, David L
Format: Article
Language:English
Subjects:
Compliance
Confidentiality
Data integrity
Data security
Disclosure
Electronic commerce
Government agencies
Identity theft
Laws, regulations and rules
Notice (Law)
Personal information
Privacy, Right of
State laws
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:California's Security Breach Information Act (SBIA), which took effect Jul 1, 2003, was the first state law to impose a general obligation on businesses to notify the state's residents of data security breaches involving their personal information. The most important variation on the SBIA has been the introduction of a risk-based exception, allowing affected entities to avoid notification based on their own assessment that the risk of harm is less than a statutorily defined standard. The SBIA defines a "breach of the security of the system" as unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information. Because data security breach notification laws are a relatively recent phenomenon, a fair assessment of the effect of risk-based triggers must wait until courts have reviewed actual decisions not to report. The number of states adopting data security breach notification laws continues to grow, as does the percentage of businesses serving customers across state lines through e-commerce Web sites.
ISSN:1534-3618