tag:blogger.com,1999:blog-1913143473082500114.post8787303193425649136..comments2008-06-23T15:34:21.567-07:00William Morrisshttp://www.blogger.com/profile/09679044599000737422noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-1913143473082500114.post-79761692186491090312008-06-23T15:34:00.000-07:002008-06-23T15:34:00.000-07:00I am also curious as to the scope fo these notification laws. As in California (sb1386), the majority of them are limited to unencrypted data held on computers. The Massachusetts law seems to be much broader and includes hard copy data. From what I have seen "investigative" language in most instances allow the company to delay notification almost indefinitely if an investigation is ongoing to find the source of the breach. It seems to me that these are largely toothless laws if the thrust is to notify potential victims in a timely manner so they can be on guard to protect themselves.<BR/><BR/>As gratelful as I am that these laws exist I can't help but to be frustrated by the shortsightedness regarding identity theft. Ideally we should have laws that are designed to protect the individual victim while at the same time provide for a penalty to the company for not acting in a timely fashion when a breach or loss occurs. Like anything it is sad to say that business will not take this seriously until the 800 pound gorilla sits on them first.<BR/>Just a thought,<BR/>JohnJohn Taylorhttp://www.blogger.com/profile/15220821369172645158noreply@blogger.com