No One Disclosing Security Breaches, Despite New Law
from the law?--what-law? dept
There was a lot of hype earlier this year when the California law requiring companies (even those not in California) to tell any California customers whose private data may have been exposed in a security breach. Some were afraid there would be a deluge of such reports - often when no actual information had gotten out. However, since the law went into effect there's been an awful lot of silence. Before the law most companies liked to keep as quiet as possible - and after the law went into effect, nothing has changed. Basically, most companies would much rather keep things secret and fix the problem than reveal it, no matter what the law says. In some cases, the companies simply don't realize that their data has been exposed, but plenty of companies, I'm sure, are just trying to handle the problem internally - whether they know about the law or not. There's been some talk about using this law as a model for federal legislation, and results would likely be the same. About the only cases where this law will go into effect is in punishing companies down the road after it's been discovered they violated it (willingly or not).