Security Breach Legislation

Security Breach Legislation: "2005 Breach of Information Legislation
Last update: April 11, 2005
In February 2005, ChoicePoint, a corporation that collects and compiles information that includes personal and financial information on millions of consumers, disclosed that it been the victim of a security breach wherein it had sold personal information of almost 145,000 people to a criminal enterprise. The company first disclosed the breach only to California residents, as required by California's Notice of Security Breach law, enacted in 2002. However, the company later disclosed that residents in other states, the District of Columbia and three territories also may have been affected by the ChoicePoint breach (see List of states affected by ChoicePoint).
Since these disclosures, additional states have introduced legislation requiring that companies and/or state agencies disclose to consumers security breaches involving personal information. NCSL's Identity Theft Web page has additional information on related legislation.
Summary: Legislation is being considered in at least 28 states as of April 11, 2005. Status is indicated after bill has passed one house.
(See also 2004, 2003, and 2002 legislation.) "