Kevin Drum echoes Charle’s Kuffner’s concern that congress will, if it enacts a security breach protection law similar to California’s, preemptively dilute California’s law in the process. Kuffner says:
For the rest of us, what we want here is the same protections that Californians currently enjoy. Anything less is unacceptable.
well, yes, but are after the fact disclosure laws really protections? Certainly miscreants like Choicepoint should be obligated to disclose to one and all when someone’s personal information has been breached. It seems to me, though, that protection should happen before the event not after and that, as I have noted before, the minimum acceptable starting point must be along the lines of:
No institution, government or private, can be allowed to collect or distribute, for free or for fee, to any private or government entity any information about an individual without that individual’s specific consent on a per incident basis and if the distribution is for a fee then that individual must be compensated at a rate agreeable to the individual.
Violations should be treated as felonies and violators must reimburse violated individual(s) for all related losses including legal costs related to the disclosure.