Citation[]
Government Accountability Office, Data Security Breaches: Context and Incident Summaries (CRS Report RL33199) (May 7, 2007) (full-text).
Overview[]
This report discusses state data security breach notification laws that require companies and other entities that have lost data to notify affected consumers. As of January 2007, 35 states have enacted legislation requiring companies or state agencies to disclose security breaches involving personal information.
Congress was considering legislation to address personal data security breaches, following a series of high-profile data security breaches at major financial services firms, data brokers (including ChoicePoint and LexisNexis), and universities. In the past three years, multiple measures have been introduced, but to date, none have been enacted.