According to reports we've discussed before, more than half of organizations fail to disclose data breaches, despite legal requirements to do so. However, a number of data security bills sit before House and Senate lawmakers that could result in data breach notifications falling by 50%.
These bills would reduce notifications by defining a 'harm threshold' based on a level of 'reasonable risk'. But who determines this level of risk? As yet, the proposed legislation leaves that element subjective.
Some, including the author at DataBreaches.net, argue in favour of more data breach notifications, not fewer. Aside from giving consumers the information they need to make decisions on whom to trust, there are also other great reasons for breach notification laws.
What do you think about this? Do you support fewer notification requirements?