Comment Pending Federal Laws on data theft may preempt (Score 1) 137
The Law Librarian Blog has a post about bills pending in the US Congress that would regulate data theft, many of these bills would preempt more strict state laws, like California's data theft law.
Another concern raised is that many companies don't even realize they've been hacked. "Data breach notification laws assume companies are able to detect the loss of personal data in the first place and then determine if lost data contained personally identifiable information.|LLB|"
The post cites to a recent Ponemon Institute study that found most companies don't have sufficient data security detection measures in place to even detect data thefts.
Another concern raised is that many companies don't even realize they've been hacked. "Data breach notification laws assume companies are able to detect the loss of personal data in the first place and then determine if lost data contained personally identifiable information.|LLB|"
The post cites to a recent Ponemon Institute study that found most companies don't have sufficient data security detection measures in place to even detect data thefts.
81% of respondents report that their organizations have experienced one or more lost or missing laptop computers containing sensitive or confidential business information in the past 12 month period...When asked how long it would take to determine what actual sensitive data was on a lost or stolen laptop, desktop, file server, or mobile device, the most frequent answer was "never"...On average, 64% of respondents admit that their companies have never conducted a data inventory to determine the location of customer or employee information contained in various data stores.|Ponemon Report PDF|(emphasis added)
