Scott Granneman, in The Register, joins the chorus of those calling for stronger privacy laws in the United States:
Privacy from the trenches | The Register:
"... I hate to involve the government unless it's necessary, but I think something's got to give here. We can't rely on companies, schools, and organizations policing themselves. That's obviously a terrible failure. We need federal legislation to mandate that organizations that experience data thefts must notify those affected by the breach in a timely manner. As Mark Rasch stated earlier this week, recent legislation was passed that requires this for all financial institutions in the U.S., but all other companies are still off the hook. Right now, a few states have such a law -- California is one, which is why ChoicePoint even had to make its embarrassing revelation in the first place -- but there is no federal, all-encompassing requirement for anything but financial institutions (and even that law is very recent). This needs to change, and soon. Other states have proposed legislation, but it varies from state-to-state. A new federal law would be a great start. Right after that, a few class-action lawsuits against particularly egregious carelessness might also wake companies and schools up to the necessity of protecting data. Again, I don't like bringing in the lawyers, but to paraphrase the great Dr. Samuel Johnson, 'Depend upon it, sir, when a man knows he is to be sued in a fortnight, it concentrates his mind wonderfully.'..."