My personal opinion is that this law is a long time coming. It forces companies to start fixing security issues instead of just hiding the breach behind closed doors. Does this law affect Web site operators individually? No. This law applies to any intrusion that compromises "confidential data," which includes anything from a Web application issue to someone stealing backup tapes from the server room.
I think this law will severely affect the way Web sites are developed, tested and managed because security now becomes a requirement. You may see a lot of employers starting to require their Web developers and server administrators have security training and certificates. You will also see several new policies that get put into place regarding the Web application and how it processes confidential data. No longer can you get away with hiring a college kid with no security training to help develop a Web application that accepts user data. You might want to rethink whom you hire to develop your Web apps as a data breach can mean your business if that law passes.
* Congress seeks to alter legal landscape for data breaches
* Complying with breach notification laws
This was first published in May 2006