Identity theft and personal privacy have become extremely important issues for IT compliance executives and there has been a proliferation of state-level legislation requiring breaches of individual privacy to be notified.
• Security breach notification laws require companies and other entities that have lost data to notify affected consumers.
• Security freeze laws allow consumers to prevent identity theft by freezing their credit reports from access for new credit.
These laws are largely based on the Federation of State Public Interest Research Groups’ Consumers Union Clean Credit and Identity Theft Model Act. 2 The first relevant state-level breach notification law was California’s SB-1386, which provided ...