US Data-Breach Laws up for Debate, to Notify or Not?


US Data-Breach Laws up for Debate

The United States Congress will soon be debating proposed changes to the data-breach laws that would give corporations more flexibility in determining whether the loss of sensitive data was serious enough to notify their customers.

Given that an average data breach cost $145 per record exposed - quoted by an IBM study in the article - and the tremendous impact it has on a brand, it seems only logical the US government would look to minimize the impact of cybersecurity intrusions and potential data loss have on corporations. While optimizing the level of transparency between corporations and customers is important, the real goal should be toward reducing the cybersecurity risk to both the corporations and their customers that adaptive data loss prevention accomplishes. In fact, Clearswift recently launched a game changing adaptive DLP technology to help enable even greater use of customer sensitive data within corporation without compromising security.


Article abstract

U.S. companies wouldn’t have to disclose some cybersecurity breaches under proposed legislation introduced in both chambers of Congress in recent months.

Under the proposed legislation, companies would be allowed to decide whether a breach of consumer data merits notifying customers. Under the proposals, companies would need to quickly notify customers about an intrusion if they believe there is a risk that the breach would lead to serious identity theft or fraud. But if companies believe there is no reasonable chance that a breach will hurt customers, the proposed legislation would allow them to keep it under wraps.