March 2009 SBN Symposium
Security Breach Notification Six Years Later
Lessons Learned About Identity Theft and Directions for the Future
March 6, 2009
Berkeley Center for Law & Technology
Berkeley Technology Law Journal
Samuelson Law, Technology & Public Policy Clinic
Shidler Center for Law, Commerce & Technology
In 2003, California led the way in enacting Security Breach Notification (SBN) laws, which require data holders, including many businesses and government agencies, to tell consumers when personal information has been lost or accessed by others without authorization. In the past six years, many breaches have been disclosed, implicating hundreds of millions of records about individuals. Many questions remain concerning the scope of SBN laws, their effectiveness and cost, the incentives and disincentives created by SBN laws, and the nature of the duty of care emerging from expanding SBN and information security laws.
The BCLT/BTLJ 2009 Symposium will organize leading thinkers and key decision makers from law, computer science, and economics to present original scholarship on these issues and make recommendations for federal data security approaches.