While historically,
breach notification was largely focused solely on the first of these three objectives (
facilitating corrective action by individuals) the other two rationales (reporting and incentivizing stronger technical safeguards) have grown in importance in recent years.
At a very high level, it provides mandatory
breach notification for security
breaches related to personal information, attempts to clarify the confusing «lawful authority» provisions in Section 7 and also
facilitates the disclosure of customer... [more]