Printer Friendly

Disclosure of data security breaches.

ChoicePoint, a corporation that collects and compiles personal and financial information on millions of consumers, disclosed last February that it been the victim of a security breach. The company had sold personal information about almost 145,000 people to a con artist involved in an identity-theft scam.

At first, the company only disclosed the breach to California residents, as required by California's Notice of Security Breach law, enacted in 2002. However, ChoicePoint later disclosed that residents in other states, the District of Columbia and three territories also may have been affected. Soon after the disclosures became public, Bank of America disclosed that it had lost computer back-up tapes containing private data that were being transferred to another location on a commercial airline flight, and Seisint, a database company recently acquired by LexisNexis, was hit by hackers who were able to gain access to the personal information for as many as 32,000 people. The single largest security breach was discovered in May: CardSystems Solutions, which processes credit card information for MasterCard and others, revealed that data on more than 40 million credit cards had been stolen after a hacker gained access to the company's systems.

In the weeks after these high profile incidents hit the news, 3S states introduced legislation requiring that companies or state agencies disclose to consumers security breaches involving personal information. At least 17 have already passed laws. Although other states' attorneys general demanded that CboicePoint notify consumers in all states involved in the breach, many state laws did not require it at the time of the ChoicePoint breach.

The ChoicePoint data incident reportedly has led to at least 750 known cases of identity fraud. Without the disclosure requirements of the California law, the individuals involved there and in other states would not have known about the possible theft and misuse of their personal information. The disclosures allow consumers to take action to protect their personal information, by monitoring financial records and checking credit reports.


Arkansas, California, Connecticut, Delaware, Florida, Georgia, Illinois, Indiana (applies to state agencies only), Louisiana, Maine, Minnesota, Montana, Nevada, North Dakota, Rhode Island, Tennessee, Texas and Washington.
COPYRIGHT 2005 National Conference of State Legislatures
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2005, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Printer friendly Cite/link Email Feedback
Publication:State Legislatures
Date:Sep 1, 2005
Previous Article:Knowledge is power.
Next Article:Birthday blues.

Related Articles
Report security breaches: new rules aid privacy efforts, but challenge businesses. (2003 Technology & Business Resource Guide: Privacy Protection).
How to protect your privileged information.
Risk managers' role grows along with theft threats.
Cultivating data security: what's real, what's tail-chasing.
"Privacy and Data Security Review" from Sheshunoff.
Insurers raise uniformity concerns about house data-security bill.
Increase safeguards on identity theft.
Identity theft policies go corporate.
Data security bill loosens notification requirements.

Terms of use | Privacy policy | Copyright © 2019 Farlex, Inc. | Feedback | For webmasters