Do Breach Notification Laws Work?

by Doug Pollack

This past week, a seminar was held on the campus of UC Berkeley on the topic of Security Breach Notification. Wired Magazine published an article about this topic and the unfortunately conclusion that while breach notification laws are substantially increasing the awareness of data breaches with the public and the security risks of data breaches with those who hold your personal data, data breach events nonetheless are on the rise.

“It’s clear that the laws have made the public more aware of breaches and the vulnerability of their data, and have exposed poor security practices at many businesses. A 2005 study by the FBI showed that in the absence of a legal requirement to report breaches, only 20 percent of firms would report serious breaches to law enforcement.”

And while there has been a great deal of study as to whether the breach notification laws have reduced the incidence of subsequent identity theft due to breach events, the results remain inconclusive.