With frequent reports of lost backup tapes, stolen laptops, and database breaches, it's time to look at the new laws and regulations that protect the privacy of data.
The reason we're hearing about all of the breaches and loss of data is because of a law first passed in California and then enacted by most other states that requires organizations to notify individuals when their private data (e.g., social security number, bank account number, credit card number, or driver's license number) has been lost, breached, or thought to have been breached. As of this writing, 38 states have passed some version of a breach notification law. Most states provide some form of exemption from notification if the lost or stolen data was encrypted. This has driven many organizations to consider encrypting their backup media.