Expansions in Breach Notification Law

As previously mentioned, the majority of states currently have breach notification laws and the first state to adopt a notification law was California. Now, California has a new bill that, if passed, would require companies to provide victims with more information regarding the breach as well as notify the State if the breach affects over 500 California residents. The notification to a central governmental agency could allow for improved tracking of breach activity. But in this particular area, California is not necessarily the pack leader as other states already have requirements for providing breach notification to state enforcement agencies. As discussed at the recent Security Breach Notification seminar at Berkeley, all of these notification laws may not be working anyway, as data on security breaches continues to be unreliable. Still, as long as the notification laws are in place, companies can better afford compliance if they have insurance coverage that helps offset the cost. Many insurance markets do offer protection for breach notification costs. Look for protection that includes privacy regulatory-imposed civil fines and penalties and consider what type of private data is covered as well as what type of limit applies.