Personal data security breaches are being reported with increasing regularity. Within the past few years, numerous examples of data such as Social Security, bank account, credit card, and driverís license numbers, as well as medical and student records have been compromised. A major reason for the increased awareness of these security breaches is a California law that requires notice of security breaches to the affected individuals. This law, implemented in July 2003, was the first of its kind in the nation.
State data security breach notification laws require companies and other entities that have lost data to notify affected consumers. As of January 2007, 35 states have enacted legislation requiring companies or state agencies to disclose security breaches involving personal information. Congress is considering legislation to address personal data security breaches, following a series of high-profile data security breaches at major financial services firms, data brokers (including ChoicePoint and LexisNexis), and universities. In the past three years, multiple measures have been introduced, but to date, none have been enacted.