RL33199
Personal Data Security Breaches: Context and Incident Summaries
December 16, 2005
Download Locations
Summary
Personal data security breaches are occurring with increasing regularity. Within the last few years, numerous examples of data such as Social Security numbers, bank account, credit card, driver's license numbers, and medical and student records have been compromised. A major reason for the increased awareness of these security breaches is a California law that requires notice of security breaches to the affected individuals. This law was the first of its kind in the nation, implemented in July 2003. State security breach notification laws require companies and other entities that have lost data to notify affected consumers. Over half the states considered security breach notice and security freeze legislation in 2005, and several states passed laws requiring that individuals be notified of security breaches. Congress is considering legislation to address personal data security breaches, following a series of high-profile data security breaches at major financial services firms, data brokers (including ChoicePoint and LexisNexis), and universities. Multiple measures were introduced in 2005, but to date, none have been enacted. This report will be updated regularly.
