When you give your personal information to a business as part of the sales process, various laws come into play about how that business must protect the information - who has access to it, how it is stored, and how the company will dispose of it when they no longer need it. If someone steals that information, the business (and you, indirectly) become a victim of a data breach.

Technically speaking, a data breach is defined as losing the information, and the act of stealing it. But sometimes the breach is just a byproduct of another event - a lost USB drive or CD that has business records on it, for example. But the laws surrounding data breaches don't really care if it was an accidental or deliberate loss... only that information is lost.

In 2011, I anticipated the federal government would pass a law dealing with breach notification, but there was nothing that made it through the complicated process to actually be enacted. For the time being, it is best to know what a data breach actually is, and know your risks of identity theft if your information is compromised in one.

During seminars, I often get questions about identity theft and data security from people who want to understand their risks better. One question that sticks out in my mind as I look at the year to come is "How did we get to the point identity theft is such a problem?"

Sometimes we can become so tied-up in what's happening today, that we overlook some of the important things that have lead us to this point. The condition of the US Dollar is a perfect example of years of mismanagement and lack of understanding the results of near-sighted decisions in several decades of presidency. The history of identity theft is another example of how good laws can be made, but end up creating problems down the road because the full scope of what the law is requiring isn't properly considered.

Well, I suppose it's always nice to start off the new year with a juicy topic - at least from a writer's perspective. But the recent news I've been reading about the Gameover scam really has me concerned. This looks to be a real news-maker in 2012 (unless something even worse comes along this year.)

I've had people tell me I'm just paranoid, that they don't believe things are nearly as bad as I make them out to be. But Gameover actually goes even further than I anticipated. To me, this shows that I'm not paranoid enough... identity thieves are not just a step ahead in the game, they are prepared to defeat identity theft protection measures that may not even have been put in place yet by the banks they are attacking.

Meanwhile, Congress is still trying to figure out if it's even necessary to force companies to tell consumers when their information has been compromised in a data breach.

*sigh* Maybe I should run for an office?

This time last year, I was writing about the Data Accountability and Trust Act with high expectations that the bill would be passed and give consumers added security. The bill was intended to compel companies that held personal information to tell their clients there was a data breach - as it stood then, there were many companies that had no such requirement.

Well, they still don't. DATA died in committee, after being read twice. (The House of Representatives passed this one.) Although some of the language of the bill has made it into other bills that are currently being considered, this is one prediction that has left privacy experts with a bit of egg on our faces.