2005 was an active year in the privacy and information security business world. Both business and consumer awareness was raised to a new height with identity crimes accounting for 40% of all fraud in the United States; new legislation being enacted in almost every state; and a flurry of activity within the House of Representatives and the Senate.

There were 100 breaches of data that lead to notices in 2005. A total of approximately six million people were affected. 65% of the breaches occurred in the university/college setting. The next highest sector was the government which reported 20 breaches. In the commercial sector, 15 data security breaches were.

In 2005, 65 privacy bills were introduced in the House of Representatives; 89 in the Senate. There were no significant enactments in 2005. Three types of bills came close: data security; spyware; and genetic privacy.

Early into 2006, new ground is already being covered and important decisions are being made in the privacy and information security arenas. This month has brought to light the fight over the privacy of cell phone calling records and the Federal Trade Commission's decision to impose a $15 million fine on data aggregator ChoicePoint.

Also in 2005, 22 states enacted data security breach laws, mostly patterned after California's security breach notification law, the first of its kind. Dr. Alan Westin, of Privacy and American Business, said during a recent conference that "States are the little laboratories in which legislation unfolds."

The keys to these laws include defining:

• What is a breach?
• Who is a covered entity?
• What is sensitive information?
• What is the harm and how is it triggered?
• What are the consumer notification standards?
• What are the mitigation requirements?

The Privacy Gurus® are advising their business clients to be sure and review their state's security breach notification law, if there is one, and to be sure and include security breach notification provisions in their contracts as well as in their policies and procedures. If you need more information, please email us at info@privacygurus.com.

Privacy and information security are business imperatives. Make sure you stay aware and alert. The PrivacyGurus® are here to help. We know what you need to do!

Darity Wesley is CEO and Legal Counsel for Privacy Solutions, Inc. a San Diego based consulting firm. Her team of Privacy Gurus® work with you to create policies and procedures to establish the expectation of privacy for your members, clients, customers, prospects, affiliates, associates, employees and vendors. You can reach her at (619)670-9462 or Darity@privacygurus.com