So said William Gibson, and it is as true in breach notices as it is anywhere else. While only 34 US states have laws requiring these notices, we see organizations around the world sending them. They resonate as the right thing. Acknowledging and apologizing for your mistakes is powerful. (Hey, someone should mention that to Mark Hurd. Using a scandal as a pretext for promotion isn’t going to serve you well. But I digress.)
Organizations around the world are getting ahead of their problems by reporting them to their customers:
KRA computers stolen, which contains the interesting comment “A [Kenya Revenue Authority] official said the computers had crucial data on tax returns and it is likely that the data had no back up.”
On the other side of the world, “Computers with patient data stolen from Nagasaki hospital.”
Both via the Dataloss list.