This is an article I found this morning on one of my favorite subjects. I think everyone should spend a bit more time and do a small amount of research, and protect yourselves. It appears as if there is finally enough trouble being caused by this crime for Legislators to step in and try and help the consumer. If you ask me, they should of done this a few years ago. But apparently they prefer for things to be out of hand before they attempt to stop them. Legislators have propesed what appears to be just an idea at this point.

Under the bill, companies must notify customers whenever their personal data--such as Social Security, driver's license, credit, or debit card numbers--are compromised through computer hacking or other unauthorized access.

Companies that fail to comply would be fined up to $5000 per violation or up to $25,000 each day.
So far it sounds pretty good for us. So does this include basic defacements?

Some companies like TriWest notify their customers immediately, while others are more reticent because they fear the public's response to an admission of failure in the security infrastructure. TriWest's McIntyre said none of the customers affected by the stolen database had reported fraud or other related identity-theft problems. TriWest deployed a communication plan that included press alerts and letters to its customers whose personal data had been compromised.
It would be easier to clean up a mess right away, then to try and hide it and not attempt to clean it up at all.

The bill would exempt companies from notifying their customers under the following circumstances:

1:/>The stolen data is encrypted.

2:/>The notification costs are too expensive or impractical. The company may use alternative notice in such cases. For example, it may post announcements in major media outlets or on the company Web site.

3:/>The company already has developed a "reasonable" notification policy. A Feinstein spokesperson says the FTC would determine what is reasonable.
We'll you had my support to begin with. But you had to go and suggest limitations.
Unless they are of course too expensive. What kinda lame duck **** is that? So instead you make a general announcment. You should have to notify each person.

Either make the companies responsable for their end, or remove the right to store data. My ideas are as far fetched as thiers in my opinion. They are currently failing us, so something has to be done.

None the less the Full story is here.

Tell me what you think.