About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline

32 Wash. U. J. L. & Pol'y 467 (2010)
Data Breach Notification Laws: An Argument for a Comprehensive Federal Law to Protect Consumer Data

handle is hein.journals/wajlp32 and id is 469 raw text is: Data Breach Notification Laws: An Argument for a
Comprehensive Federal Law to Protect Consumer
Data
Jill Joerling*
INTRODUCTION
During the past four years, over 354,140,197 pieces of personal
identifying information have been compromised as a result of data
breaches.1 These breaches have imposed a huge financial burden on
both companies and consumers.2 As a result, forty-six states have
enacted legislation seeking to protect consumers by requiring
companies to notify them when their personal information is
compromised as the result of a data breach.3 This notification allows
consumers to take action to protect their information from identity
theft.4
* J.D. (2010), Washington University School of Law; B.A. (2006), English Literature
and Religious Studies, University of Virginia. I would like to thank my family for their support
and advice. Additional thanks to my fellow editors and the staff of the Washington University
Journal of Law & Policy for their hard work and enthusiasm.
1. See Privacy Rights Clearinghouse, Chronology of Data Breaches, http://privacyrights.
org/ar/ChronDataBreaches.htm CP (last visited May 7, 2010).
2. One study, released by the Ponemon Institute in October 2006, found that information
losses to U.S. companies averaged $182 per lost customer record, an increase of 30 percent
over 2005 results. The average total cost per reporting company was $4.8 million per breach
and ranged from $226,000 to $22 million. PONEMON INSTITUTE, 2006 ANNUAL STUDY: COST
OF A DATA BREACH (2006), http://download.egp.com/pdfs/Ponemon2-Breach-Survey_061020_
F.pdf. See also Tech//404, Tech//404 Data Loss Cost Calculator, http://www.tech-404.com/
calculator.html (last visited Oct. 22, 2009) (providing the estimated cost of a breach based on
number of affected records).
3. See infra note 34.
4. See Consumer Survey on Data Breach Notification, 2008 JAVELIN STRATEGY &
RESEARCH, available at httpJ/www.docstoc.com/docs/952213/2620_/Javelin-Research-Consumer-
Survey-Data-Breach-Notification-June-2008. [W]hile notification allows the consumer to take
protective action and to monitor their accounts more closely, from a customer service
perspective, it is to the advantage of the institution to be proactive and offer assistance on behalf
of the customer, especially if the exposed data is highly sensitive. Id.

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Contact us for annual subscription options:

Already a HeinOnline Subscriber?

profiles profiles most