Mar 6, 2009

Deirdre Mulligan on Proposed Data Breach Notification Law

From CNET News

Lawmaker: Consumers need details in data breach warnings

By Elinor Mills

BERKELEY, Calif.--Six years after California enacted the country's first data breach notification law, many state residents have received letters warning them that their data was exposed by a breach but usually they don't know how or how long, experts said at a privacy conference on Friday.

That would change with the passage of a measure proposed by California State Sen. Joe Simitian, who authored the country's first bill requiring companies to notify customers when a breach has occurred that exposes their data.

Senate Bill 20 would require that notification letters to consumers have a standard set of information such as information about the timing and circumstances of the breach.

It would also require that a state entity be notified at the same time so that law enforcement, lawmakers, and researchers "can spot larger trends and don't have to rely on what they read in the newspaper," Simitian said in a luncheon address at the Security Breach Notification Symposium [hosted by the School of Information] in Berkeley....

Surprisingly, identity theft due to data breaches dropped only 2 percent after adoption of the laws, said Alessandro Acquisti, an assistant professor at Carnegie Mellon University [and I School alumnus]. However, that rate is in the range of impacts with other types of disclosures, like stock price drops after a company discloses a toxic waste issue, he said.

Of consumers who have been notified that their data may have been exposed during a data breach, 20 percent claim they ended their relationship with the company breached but the actual churn rate is less than 7 percent, said Deirdre Mulligan, assistant professor at the School of Information at the University of California at Berkeley....

Last updated: October 4, 2016