Problem
California was the first state to enact a statue requiring companies to notify consumers of computer security breaches. The Business Roundtable opposes "breach notifications laws requiring companies to report computer security breaches or implement minimum security standards because these obligations may lead to greater litigation costs." Some consumers, particularly those who know little about computers, may be needlessly alarmed by such a notification.
i. What are the ethical issues in imposing an obligation to notify consumers of any breach of the security of their data?
ii. Do you agree or disagree with the Business Roundtable? Why?
iii. What other laws align with the California law?
iv. What type of burden/responsibility does this law put on the company? Should notification be the only requirement? Is it the only requirement?