CA Law Demands Public Disclosure Of Break-Ins

AuntieMisha writes "BusinessWeek has an article about a new California law passed that requires businesses to publicly disclose information about break-ins. The only loophole is if there is an ongoing investigation and if the disclosure would harm the investigation. IMHO Big companies will have the resources to set up investigations even when they know it is unlikely to get anywhere, and business will go on as usual for them. Small businesses that don't have the resources to maintain an investigation will have their reputations ruined. Also, the article doesn't mention the contingency where a break-in occurs because of a software/hardware issue for which there is no released technical solution (i.e. anyone else who has software X would be susceptible to the same type of break-in). This is not good."

Re:But how do you enforce this?

[bovilexics]

From the article...

• Come July 1, 2003, those who fail to disclose that a breach has occurred could be liable for civil damages or face class actions.

They (the CA government) don't need to audit or enforce anything. It is self-enforcing for those businesses that feel they may be sued and have to pay monetary payments for NOT reporting the incident. If a given company doesn't feel it can be successfully sued due to the incident then there probably wouldn't be a public reporting of it.

It's just a CYA that would have to be handled on a case by case basis for each company and wouldn't be enforced by auditors and the like.

Re:The bigger picture

[Kamel+Jockey]

that won't help me if Bob Hacker over here can make it look like I never invested in the first place

For some of us, this could be a very good thing!