Iowa Passes Breach Law
On May 10, Iowa enacted its own breach notification law, becoming the 42nd US state to do so. The bill will come into effect on July 1.
Bill S.F. 2308 requires businesses and government agencies to notify residents if their personal information has been accessed and the access is likely to cause financial harm. Notice is not required if an investigation by law enforcement agencies deems that no financial harm can come of the risk. Encrypted information is not exempt from the notification requirement, unlike in many states. Given that many data breaches can be ruled out if they pose no risk for financial harm, it is my opinion that there will be a lot of public criticism of breaches when they do come to light. Such an investigation will likely delay the breach notification, which inevitably increases public scrutiny after a breach incident.
If you were to plot the adoption of data breach notification laws against time, the remaining states should all adopt their own law by some time in late 2011. Check out the graph here, realizing (of course) that statistics cannot be depended on to accurately gauge when (if ever) all states will adopt such a law.
I think it would be interesting, statistically speaking, to see if the trends in data breaches and legislative maneuvering could predict when one of the many data breach bills would pass at the national level.
Via emergent chaos, electran
I’m of the opinion that consumers should be given the knowledge and information to make the assessment of risk themselves.
Aside from the risk assessment, I think that data about corporate responsibility & consumer outreach should be a part of our buying decisions. Our loyalties.
So, I’d have to disagree with you there. :)
ya customers, know very well they have know only the timesence to take those risks
I like to pass along things that work, in hopes that good ideas make their way back to me. Data breaches and thefts are due to a lagging business culture – and people aren’t getting the training they need. As CIO, I look for ways to help my business and IT teams further their education. Check your local library: A book that is required reading is “I.T. WARS: Managing the Business-Technology Weave in the New Millennium.” It also helps outside agencies understand your values and practices.
The author, David Scott, has an interview that is a great exposure: http://businessforum.com/DScott_02.html
The book came to us as a tip from an intern who attended a course at University of Wisconsin, where the book is an MBA text. It has helped us to understand that, while various systems of security are important, no system can overcome laxity, ignorance, or deliberate intent to harm. Necessary is a sustained culture and awareness; an efficient prism through which every activity is viewed from a security perspective prior to action.
In the realm of risk, unmanaged possibilities become probabilities – read the book BEFORE you suffer a breach.