Let’s get a national breach notification requirement once and for all

If Watergate taught us anything, it’s that the cover-up almost always ends up being worse than the crime. Apparently the wunderkinds who run Google were spending too much time programming to absorb this basic lesson of history. On Monday they announced in this incredibly cryptic blog that the personal information of hundreds of thousands of users had been compromised.

So what, Henry? Data breaches have become as commonplace as political rancor. What is really going to get Google in trouble is the cavalier way in which it decided to withhold information from the general public, correctly concluding, according to the Wall Street Journal, that the legal liability it faced for disclosing the breach was more than outweighed by the PR hit it would take. Ironically, its actions underscore precisely why it’s time to have a clearly articulated federal standard for reporting data breaches.

As a citizen who couldn’t avoid using Google even if I wanted to, I deserve to know when my personal identity is at risk. And as a lawyer who advises organizations that often have to clean up the messes caused by data breaches, it’s time to have clear rules of the road. Right now there is too big a divergence between doing the right thing and what is legally required.


