4/07/2006

Overview of Personal Information Security Law

"The year 2005 involved unprecedented disclosures of information security breaches of consumer information, with risk of fraud and identity theft. There were approximately 130 reported incidents of data breaches of consumer information during 2005, exposing information concerning over 55 million individuals.

Inquiries showed that there had been many data breaches in the past. They were often not disclosed because there were no laws which required disclosure. A new California law, which required disclosure, was the major driver for many of the 2005 disclosures.

A number of state legislatures have already responded with new information security laws, covering such areas as requiring reasonable security, requiring notice of breaches and providing for credit freezes. Many more are under consideration. At the federal level, Congress is considering a number of data protective laws and action is expected in 2006. Courts have started to address the legal outfall from these breaches.

These high profile breaches are already leading to expanded requirements and greater potential liability in the area of consumer data. They are likely to accelerate the expansion of information security obligations and potential liability in other areas. It is critical for businesses and organizations of all sizes to understand the information security legal obligations which apply to them and to implement effective information security programs to address them, as well as other relevant information security considerations."

Read more in this outline from acca.com.

Technorati Tags: , , , ,