[ news_security_news ]
Indiana Fights ID Theft
Chris Crum
Staff Writer
2006-06-06
 Insider Reports RSS Feed
As more and more stories about identity theft flood the headlines, the state of Indiana has taken it upon itself to make a new law.
The law says that companies that experience data theft MUST notify their customers whose information was compromised.
This is obviously to warn the customers so they can take precautions to avoid being severely affected by the theft.
The law applies to situations where only one person's info is compromised just as it does to situations where thousands of people's info is. According to Bryan Corbin of CourierPress:
The Indiana law says a business or database owner must notify affected Hoosiers of security breaches "without unreasonable delay." If more than 1,000 people are affected, the company also must notify the three credit bureaus. "That way, the credit bureaus will be able to flag their reports to protect them," Schneider [Staci Schneider, spokeswoman for the Indiana Attorney General's Office] said. If the company fails to notify customers, the law says the attorney general can sue and seek penalties of up to $150,000.
But critics have questioned whether the law goes far enough. If more than 500,000 people are affected by the security breach, or if cost of notifying victims exceeds $250,000, then the database owner can make its official notification simply by a posting on its Web site or by a news release to the media, the law says. And the law does not precisely define how much time the business has to notify customers.
Concern for these things will be handled on a "case-by-case" basis according to Schneider. Those who wish to file complaints on the subject can do so at this website.
Tags: identity theft, Indiana law
Add to Del.icio.us | DiggThis | Yahoo! My Web | Furl
About the Author:
Chris Crum is a staff writer for SecurityProNews and WebProNews.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
