Thomas Oscherwitz offers at CNet News.com a nice overview perspective of recent developments in data security laws. Radical changes in the law took place during 2005 after the ChoicePoint data debacle, largely as a result of states following the lead of California in requiring disclosure of certain security breaches that largely had been kept secret in the past.
More changes are certain to follow as more states consider rules on maintaining security at the front end rather than just focusing on disclosure of breaches at the back end. And Congress is still lurking in the wings trying to devise a federal approach to the problem. But Oscherwitz suggests many of these new laws soon may be outdated by technological developments.