A majority of states have data security breach notification laws, but so far there's no nationwide provision. California first enacted its notification law in 2003, and other states followed suit.
At the federal level, a number of U.S. senators have backed breach notification laws, but no bills have passed congressional muster. President Barack Obama proposed such legislation in 2015. With the January inauguration of Donald Trump as the next U.S. president, it remains to be seen whether a federal breach notification law will take effect in the next four years, or longer.
When Yahoo disclosed in September a separate hack dating back to 2014, U.S. Sen. Mark Warner, D-Va., renewed calls for bipartisan legislation to create a uniform data breach notification standard and co-founded the bipartisan Senate Cybersecurity Caucus. "Action from Congress to create a uniform data breach notification standard ... is long overdue," Warner said at the time.
One analyst, Jack Gold of J. Gold Associates, questioned whether a national breach notification law would be effective. "There are disclosure laws in many states and there are some government regulations that require disclosure, but I'm not sure it has any effect if companies lie about a hack or don't disclose it," he said.