GCN : July 2015
DATA BREACHES (case study)

States at odds with feds on data breach proposals

Pending legislation would enforce a definition of personal information that is narrower than what many states use

BY SARAH BREITENBACH

As Americans’ personal information continues to move online, everything from medical records to mothers’ maiden names, Social Security numbers and fingerprints are increasingly up for grabs. And the states and the federal government are at odds over how to respond.

Since California first began enforcing data breach reporting requirements in 2003, 46 other states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have implemented varying degrees of regulation, including requirements to provide free credit monitoring to victims, quickly notify consumers of a breach and tell state attorneys general or other agencies about compromised records.

States are toughening their laws by broadening the definition of “personal data,” requiring timelier reporting and expanding the number of people or agencies companies must notify.

In contrast, Congress is just now coalescing around federal standards. Pending legislation would preempt state laws and enforce a definition of personal information that is narrower than what many states use.

Caught in the middle are businesses, which would prefer a single federal standard to the different state requirements, and consumers, who must scramble to protect their bank accounts, credit cards and credit worthiness from thieves who steal their identities.

Scott Talbott, senior vice president of government affairs at the Electronic Transactions Association — which represents banks, companies that make credit card swipe terminals and online payment companies — said his organization welcomes a tough federal standard. Without one, reporting breaches will continue to be a cumbersome and expensive task, he added.

“Letting consumers know what to expect with one law we think is preferable, is more efficient and works better for all parties involved in the current system,” Talbott said.

David Thaw, an assistant professor of law and information sciences at the University of Pittsburgh, said the proposed federal Data Security and Breach Notification Act of 2015 is just a reporting law — one that is less stringent than many state laws. What’s really needed is a broad federal law that would require companies to better protect consumers’ information and privacy from breaches, he added.

He said the patchwork of state laws more effectively protects consumers, and complying with them is not as hard as companies say it is.

“I am 100 percent certain I could write a computer program [that] would take all of the inputs from a given data breach and spit out all the notification letters,” he said. “It’s not hard. There are very good attorneys out there who can put out all the notifications for all the jurisdictions and get it right and get it done.”

BREACH REPORTING ACROSS THE STATES

According to the Identity Theft Resource Center, there have been more than 5,000 breaches in the United States affecting more than 780 million records containing personal information since 2005, when the center began tracking them. So far this year there have been

Data breaches by the numbers

$6.5 million: the average cost of a data breach to a U.S. company in 2015
5,000 / 780 million: number of breaches in the U.S. since 2005 and number of records affected
348 / 100 million: number of breaches in the U.S. this year and number of records affected