One of the nice things in this particular bill is the need to inform not only the media and law enforcement, but also credit reporting agencies. When Schwarzenegger recently vetoed the most recent bill to pass the California legislature, he made a comment about not wanting the Atourney General's office to be responsible for aggregating data - but we need someone to. If citizens don't have easily accessible information on how their data is being handled, they can't make rational choices - key for a free economy to work.

My colleague Chet blogged about the Schwarzenegger story here:

http://www.sophos.com/blogs/chetw/g/2009/10/19/schwarzenegger-denies-consumers-knowledge-stolen-data/

Hopefully the Senate passes this bill and it makes it into law - the US could definitely benefit from nation-wide data breach laws.

Michael Argast, Security Analyst, Sophos