Slashdot Mirror


CA Law Demands Public Disclosure Of Break-Ins

AuntieMisha writes "BusinessWeek has an article about a new California law passed that requires businesses to publicly disclose information about break-ins. The only loophole is if there is an ongoing investigation and if the disclosure would harm the investigation. IMHO, big companies will have the resources to set up investigations even when they know it is unlikely to get anywhere, and business will go on as usual for them. Small businesses that don't have the resources to maintain an investigation will have their reputations ruined. Also, the article doesn't mention the contingency where a break-in occurs because of a software/hardware issue for which there is no released technical solution (i.e. anyone else who has software X would be susceptible to the same type of break-in). This is not good."

1 of 188 comments

  1. Some crucial missing words... by Otter · Score: 5, Informative
    Note that this legislation "mandates public disclosure of computer-security breaches in which confidential information may have been compromised". It doesn't mean that any web server that gets owned has to be publicly reported.

    Maybe that's obvious to the submitter, but I was horrified that such a burdensome and unnecessary law was passed. And reading other posts, a lot of others didn't get it either.