The announcement on April 12 of a "massive theft of personal data" from the LexisNexis computer systems, and other similar recent announcements, may suggest that computer security breaches are on the rise. In reality, however, it is new Californian data privacy laws that have begun to force companies to disclose and respond to breaches that previously would have not been made public, says a noted privacy lawyer with White & Case. "While this latest news and other recently announced breaches involving established, reputable companies have captured growing attention, there's no evidence that the overall number of security breaches is on the rise. Rather the increasing crescendo of security breach disclosures is a consequence of the California statute requiring database owners to notify California residents, essentially one out of every eight Americans, of breaches involving their data," said White & Case privacy and intellectual property lawyer David Bender, author of the four-volume Computer Law: Software Protection and Litigation. "The era characterized by the industry's 'dirty little secret' — that only a tiny percentage of breaches are ever disclosed—is over." Bender added that while the enhanced disclosure requirements may perhaps shine an unwelcome spotlight on the disclosing companies and the problem of data theft in general, the statute actually fits in well with the way businesses operate in the United States.
展开▼