As data breaches become more prevalent every day, governments are having to learn how to deal with them. In the United States we seem to be trying to figure it out on the fly. Are consumers the number one priority? Unfortunately, our laws, or lack thereof, seem to protect companies more than consumers. In recent massive data breaches, such as Equifax and Yahoo, their executives were grilled on Capitol Hill, but what else was done? Another pattern seems to be that the public is later told these companies knew about the breach much earlier than was previously reported.

Here is a link to an interesting case in Pennsylvania:

FOX43 Finds Out: Data breach notification lawsuit

What do you think is an acceptable time frame to be notified that your personal data has been or may have been stolen?  How should companies be punished?

It is also interesting when comparing consumer protection laws in the US versus the EU.  In the EU, consumers have far more protection of their personal data.  Why is that?  Is it because US companies have lobbied for less regulation?

ELC Information Security