Information Security and Data Breach Notification Safeguards

Abstract

Information security and breach notification requirements are imposed on some entities that own, possess, or license sensitive personal information. Information security standards are designed to protect personally identifiable information from compromise, unauthorized disclosure, unauthorized acquisition, unauthorized access, or other situations where unauthorized persons have access or potential access to personally identifiable information for unauthorized purposes. Data breach notification requirements obligate covered entities to provide notice to affected persons (e.g., cardholders, customers) about the occurrence of a data security breach involving personally identifiable information. The first data breach notification law was enacted in 2002-- S.B. 1386, the California Security Breach Notification Act. It requires any state agency, person, or business that owns or licenses computerized personal information to disclose any breach of a resident's personal information. S.B. 1386 was the model for subsequent data breach notification laws enacted by many states and Congress. California's law and other similar federal and state laws require the disclosure of security breaches of personal information. Major data security breaches have been disclosed by the nation's largest information brokerage firms, retailers, companies, universities, and government agencies. From February 2005 to December 2006, 100 million personal records were reportedly lost or exposed. Massive data security breaches in 2005, 2006, and 2007 have heightened interest in the security of personal information; in the business and regulation of data brokers; in the liability of retailers, credit card issuers, payment processors, banks, and furnishers of credit reports for third party companies costs arising from data breaches; and in remedies available to individuals whose personal information was accessed without authorization.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jul 31, 2007
Accession Number
ADA471179

Entities

People

  • Gina M. Stevens

Organizations

  • Library of Congress

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Commerce
  • Computer Access Control
  • Congress
  • Contractors
  • Department Of Veterans Affairs
  • Employment
  • Health Care
  • Information Security
  • Information Systems
  • Law
  • Mobile Devices
  • National Security
  • Personnel Management
  • Risk
  • Risk Analysis
  • Security
  • Unauthorized Disclosure

Readers

  • Economics
  • Government Contracting/Procurement.