Bart Lazar Published in Techworld "US Data Breach Laws a Waste of Time"

Bart Lazar’s article, “US Data Breach Laws a Waste of Time,” published in the June 12, 2008 issue of Techworld, discussed the efficiency of the database security laws passed in 39 states.

Bart noted, “Although the goal of these laws is to prevent identity theft, there is no credible evidence that demonstrates that the supposed benefit to consumers outweighs the administrative burden and expense caused to companies. Because the alleged benefits are illusory, a company’s time and resources would be better spent on proactive efforts to prevent data breaches.”

Bart further noted Javelin Strategy & Research’s findings that show, “The vast majority of identity theft issues arise, not from security breaches relating to data held by third parties (which is what the state database security laws typically address), but from telephone scams, lost wallets and security breaches on consumers’ own computers because of failure to use proper software.”

In conclusion, Bart observed, “Companies are spending serious money on notifications, millions that could be better spent on improving security procedures, technology and training…. [T]he privacy and security interests of our citizens may be better served if the money spent on reacting to security breaches as part of a legislated incident response instead was invested on a proactive basis...”