Don't expect a federal anti-breach law

California was the first state to pass a data breach law in 2003. Now, 44 states have laws that lay out a variety of different requirements for companies to notify consumers and businesses when sensitive information has been compromised. Although states have acted, there is no federal law creating a uniform national standard, and it's unlikely that one will come out of Congress anytime soon.

Chris Wolf, a Washington, D.C., attorney with Proskauer Rose LLP and chair of its privacy and security practice group, said the battle lines have been drawn between business interests and consumers groups, making a compromise unlikely. A lot of businesses want to have a very high threshold for notification that gives them a lot of discretion on when to notify,'' he told CSO Magazine. "And many consumer groups think too much discretion will mean not enough notice is given to consumers. So you have that tension and this battle and, as a result, the issue is deadlocked."

Wolf also said that Congress is facing many other priorities, placing this issue on the backburner.

"Consumers are not left unprotected with the current state of affairs, and it takes the pressure off of Congress to create a legislative remedy. But it is very difficult to comply with this patchwork quilt of laws," Wolf said.

For more on the lack of a federal security notification law:
- check out this NetworkWorld. com article

Related Articles:
Notification laws have not cut ID theft
U.S. federal government news from FierceCIO