California leads the way

Sep 17, 2007 09:11 GMT

Now, here's some good news, which is a rare thing in cyber-security: the Californian government just issued an act that expands a data breach law. All that is needed for this new bill to pass is the signature of the governor, Arnold Schwarzenegger, and the new "Consumer Data Protection Act" is going to be official. So, what does this act say? Well, amongst other things, it states that if a data breach should occur, the company whose data was leaked should immediately notify anyone affected by it. But in the "expansion" of this law, retailers are required to reimburse banks and credit card unions for breach notifications and credit card replacements, as eWeek informs. Also, everyone who works with credit cards will be forbidden to store data from the cards' magnetic strips. This is also great for protecting data!

As for the act itself, well, let's just take a look at things. A hacker breaches a database and steals some e-mail addresses; the company makes it public and loses credibility. All that could happen to those affected is that they receive some extra spam. Notifying them is the right thing to do, since it's the firms' policy to do everything in the interest of their clients, even though the breach was not critical. Let's consider another scenario: hackers bypass security, breach a database and acquire social security numbers and other sensitive info; the company makes this public and loses some credibility, but at least the customers will know how to protect themselves. And now, let's try to imagine the worst-case scenario: data leaks and the company keeps it quiet. Now there are two possibilities: either nothing bad happens and everything is forgotten, or someone steals the customers' identities. In the second case, there will be a huge scandal that would result in credibility loss, lawsuits and who knows what else. So, even if this law seems unpleasant for some, it is certainly a great move, if you ask me.