In the world of security breach, the momentum has clearly shifted to the states, maybe this time for good. More than thirty-five states have already enacted breachnotification
statutes. This trend may be unstoppable, with Congress unable to find common ground to settle on a national breach-notification standard.
If anything, the trend toward state control may be accelerating. In the past few months, following the
mass data compromise of over 46 million credit and debit cards used at TJX Companies stores, the states appear ready to take things even further. At least six states—California, Connecticut, Illinois, Massachusetts, Minnesota, and Texas—may soon enact legislation that shifts to merchants on a strict liability basis the financial responsibility for security breaches occurring within their merchant systems.
Please see full publication below for more information.