Why Didn't I Receive Written Notification of My Bank's Data Breach?

There have been 145 breaches so far in 2007 which have produced over 58,000,000 'at risk' records for potential identity theft. How many of these people have not received written notification that they are 'at risk' for identity theft due to the breach? It happens more than you think.

Currently there is no federal law mandating consumer breach notification, only state laws and then only certain states have notification laws. Some states do not require firms to notify consumers of a breach if there is no 'reasonable likelihood of harm' to the individual. The term 'reasonable likelihood of harm' is open to the subjective interpretation by the breached firm. From a person whose information is now 'at risk' for identity theft due to a firm's data breach, you ask, "Why are these firms not required to notify me?" Let's take a closer look.

Bills have been introduced but not passed at the Federal level to create a unified breach notification law for all 50 states. This would make it so firms know exactly what they are dealing with and not have to keep up with the different laws of 50 states. However, many state attorney generals have requested that Congress enforce state security breach laws and not preempt them with a Federal law.

According to the Ponemon Institute in November 2006, the average cost of dealing with a data breach rose to $182 per person. A federal data breach notification law could be a two edged sword. Here is why.

Firm XYZ ships an insured encrypted disk containing 200,000 records with a well known overnight delivery service. The delivery service looses the disk. Firm XYZ has done everything properly but this is still a data breach. With the XYZ breach of 200,000 records, this cost is $36.4 million dollars. This expense could possibly put the firm out of business entirely. The other side of the coin is that if they do not notify their consumers of the breach, they could possibly loose customers, slow the firm's growth, loose vendors and contracts and possibly never regain their former level of success. So what is the answer?

The answer is simple, lower the cost per record of a data breach. To combat this strain on businesses and to help consumers stay informed, Identity Theft America offers IDSafeBIZ. This program is designed to help the nation's business community to pre-plan and save thousands in case of data breach or identity theft within the organization.

IDSafeBIZ members pay a small annual retainer and if they experience a data breach, they only pay $2.00 PER RECORD for a complete turn-key response, plus services for those affected.

If an IDSafeBIZ member has the need for a data breach response program and can find a better price for the same services, IDSafeBIZ will refund the annual retainer. It's just that simple, firms save money and consumers are notified.