Debate Continues on Breach Notification

Privacy experts, lawyers differ on whether more laws would help

By Jaikumar Vijayan
March 6, 2006 12:00 PM ET

Computerworld - While security breach notification laws are forcing businesses to take more responsibility for their data, the debate continues over when consumers should be notified of an incident. On one side are those calling for consumers to be notified of any breach that could expose sensitive data. Others, however, say a high disclosure threshold should be required to prevent overnotification and needless costs.

Franklin, N.J.-based Medco Health Solutions Inc. has come under fire for waiting more than a month to report the theft of a laptop computer containing unencrypted Social Security numbers and birth dates of about 4,300 Ohio state workers and 300 dependents. The company, which handles prescription drug benefits for state employees in Ohio, reported the Dec. 28 theft to state officials on Feb. 8. The incident prompted Ohio officials to call for a review of the $4 million contract.

Kirk Herath, chief privacy officer and associate general counsel at Nationwide Mutual Insurance Co. in Columbus, Ohio, said that companies "clearly have a responsibility to safeguard customer information." However, he said many state laws have "hair triggers" when it comes to disclosures. "I really think the standard for disclosure should be a clear risk of danger or harm to the consumer," Herath said.

Others argue that allowing companies to make disclosures based on their assessment of the risk posed to consumers is unworkable. "Breaches should not be tied to the potential criminal use of the information," said Christopher Pierson, a lawyer at Lewis and Rocca LLP in Phoenix. "I find it highly unlikely that IT professionals, company officials or lawyers would be able to examine the intent of a criminal that has yet to be identified."

There is a growing call for a national breach-disclosure law that will preempt the patchwork of more than 40 state laws that are in place or in the works. Many state laws specify different triggers for notification and set varying requirements on what must be disclosed to whom and when. California, for instance, requires companies to notify consumers each time their data is compromised. Other states, such as Delaware, Arkansas and Florida, require that consumers be notified of breaches only if the companies believe there is a reasonable risk of harm.

"The good news with these laws is that security incidents are more public and more visible, and that's really motivating companies to do a better job of protecting data," said Kirk Nahra, a board member of the International Association of Privacy Professionals, a group of IT security and privacy workers in York, Maine.