Public Breach Disclosure Laws Up the Ante on Security—But Do They Work as Intended?

By David Taylor and Kall Loper, Protiviti Managing Directors, Technology Consulting, Security and Privacy

screenshot of the first page of Public Breach Disclosure Laws Up the Ante on Security

On January 3, The Massachusetts Office of Consumer Affairs and Business Regulation announced that it will report all data breaches to a publicly accessible state website. Previously, this information could only be obtained with a public record request. Just before this, forty-seven states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands enacted laws requiring companies transacting business with residents of their state to report data breaches.

Any law that intends to protect consumers is, on its face, a good one. But is the public data breach site going to have the effect intended? Faced with a public breach disclosure, there is a tendency for companies to seek to end the pain of public exposure as quickly as possible.

This document is available to paid subscribers only.

Topics: Disaster Recovery, Whistleblower/Complaint Reporting, Consumer Products & Retail Industry, Data Security, Identity and Access Management, IT Security, Privacy, IT Risk, IT Audit

Create Account

Free 30 Day Trial

Single Subscription

Group Free 30 Day Trial

Group Subscription

Already have an account? Login

See subscription details and pricing.

Related Resources

Data Breach Notification Memo

Manage Security and Privacy RCM

Will Hiring Hackers Help Energy’s Cybersecurity Efforts?

View All KnowledgeLeader Risk and Control Matrices (RCMs)