Breach of Information

In February 2005, ChoicePoint, a corporation that collects and compiles information that includes personal and financial information on millions of consumers, disclosed that it been the victim of a security breach wherein it had sold personal information of almost 145,000 people to a criminal enterprise.  The company first disclosed the breach only to California residents, as required by California's Notice of Security Breach law (Cal. Civil Code §1798.29), enacted in 2002.  However, the company later disclosed that residents in other states, the District of Columbia and three territories also may have been affected by the ChoicePoint breach.  Numerous other breaches of security at corporations, government agencies, and educational institutions have since been reported, and a majority of states have enacted security breach disclosure laws.

Security Breach Notification Legislation/Laws

• Security Breach Laws
• 2009 Legislation
• 2008 Legislation
• 2007 Legislation
• 2006 Legislation
• 2005 Legislation
• 2004, 2003, and 2002 Legislation

Related NCSL Links

• Right to Know, State Legislatures, December 2008
• NCSL Financial Crimes Page
• NCSL Financial Privacy Legislation Page

Selected External Reports & Resources

•  Recommended Practices on Notice of Security Breach Involving Personal Information (May 2008), California Office of Information Security and Privacy Protection

• Security Breach First Steps (privacy protection recommendations for breaches involving Social Security numbers only)

•  

NCSL Contact: Pam Greenberg,  NCSL Denver Office, 303-364-7700