Congress Still AWOL on Data Breach Disclosures

Written By
Roy Mark
Oct 7, 2008

In 2005 ChoicePoint was forced to admit it was duped into turning customer data over to thieves. Almost 200,000 people were affected by ChoicePoint’s data breach and Congress was riled.

But what got lawmakers really steamed was ChoicePoint’s admission that if it had not been for California’s then-new data breach disclosure law, the data broker would not have told any of the potential identity theft victims of the breach. With their usual flair, lawmakers introduced bills, held hearings and pontificated at length on the need for consumers to be informed when their personal information is compromised.

The Republican-controlled 109th Congress, though, ultimately did nothing about a national data breach disclosure law. Unfortunately, the Democrat-controlled 110th Congress is about to clock in with the same results.

Almost four years after the fact, Congress still piously rails against U.S. data breaches, holds high-profile hearings that play well back home and, ultimately, does nothing.

Data breach notification bills in both the House and Senate failed in the 109th largely because of jurisdictional disputes between various committees. Lawmakers also struggled with the trigger mechanisms for breach notification. Some favored notification when a “significant” risk of potential identity theft exists while others supported a “reasonable” risk standard.

In the 110th Congress, which hardly has a breath of life left in it, the same types of data breach disclosure legislation were introduced and met the same fate. Even Sen. Dianne Feinstein’s bill to let retailers, data brokers and others determine the disclosure trigger failed to gain traction.

Everyone, it seemed, was worried about consumers getting too many notices that would lead them to ignore all warnings. Meanwhile, more than 40 states have passed some sort of data breach disclosure law, creating a hodgepodge of standards.

What is Congress waiting for? Surely it is not for the security industry to create magic bullets. It hasn’t.

According to data released Oct. 6 by the ITRC (Identity Theft Resource Center), data breaches continue unabated at U.S. corporations, governments and universities, already surpassing last year’s record 446 breaches. Through the end of September, the total number of data breaches recorded by the ITRC was 516, averaging 57 breaches a month.

Instead of going forward, it seems we’re going backwards.
