Breach Numbers Released, Some Not Recorded
DATA PROTECTION—U.S.July 13, 2010
InformationWeek reports that the Identity Theft Resource Center (ITRC) has recorded 341 data breaches within the first six months of 2010. However, the ITRC says that hundreds more occurred but were not reported due to loopholes in breach notification requirements. A Department of Health and Human Services (HHS) guideline, for example, states that if an organization determines a breach has not caused "significant risk of financial, reputational or other harm to individual," then the breach does not have to be reported. This type of exception may contribute to lower reporting numbers, the ITRC says. "Consumers want to know if they are at risk from even a small breach. The details of a breach help determine their risk factors as well as guide them in proactive measures."