Privacy advocates don’t like personal data warehouse businesses (like credit reporting agencies) to begin with. I believe that if it was up to them, there would be no data, and of course our consumer spending-based economy would grind to a halt. But the companies in question have fallen victim to a lot of data theft as of late (think Choicepoint, Bank of America), and the hows and whens of notifying the end consumer who is the subject of all that data is rearing its ugly head again.
I think quick notification must be the protocol, but I do not think that we need consumers running around suing companies for their ID theft – the two just don’t fit together. The average consumer barely knows what data is actually gathered on them to begin with. If you notify them of a breach, they are going to start suing for ridiculous sums, even if no damage is done. And, as things go with lawsuits, the only ones who stand to benefit are the attorneys in the middle.
Let legislate this issue straight, with some simple, common sense protocols which put the onus of notification and reparation on the data reporting agency, but not lock them down so far that consumer data can’t flow easily enough for me to get that Mercedes lease (not).