BreachExchange mailing list archives

confirming victims of data breaches?


From: "Rob Shavell" <rshavell () identityforce com>
Date: Mon, 21 Jul 2008 18:50:31 -0400

hi all,

as notification laws proliferate, i'm wondering, w/out a notification
letter, can consumers themselves really confirm if they are part of a
breach?

in my experience, calling up a company directly to ask if you are
affected by a breach results in a canned response saying "did you get
a letter"? or "contact your credit card company"

do companies have any responsibility to tell those who may have NOT
YET received a notification (state doesn't require it, moved,
whatever) that they are indeed affected?  if not, doesn't this reality
counter the spirit of the laws and companies doing the right thing?

i understand that SSNbreach (and maybe others?) are trying to do
something about this. is there any way to empower consumers here?

rgds,
rob
___________________
Rob Shavell
Director of Compliance
IdentityForce
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss


