The Cost of Securing the People's Privacy

Computerworld - I was recently asked to analyze a legislative bill to determine what fiscal impact it could have on our agency. In this state, it is a requirement that before a proposed bill can go before the legislature for approval, it must be distributed to all of the state agencies so that they can analyze the fiscal impact. The bill in question would force the agencies to take additional security measures, and the legislature needs to know how much they'd likely cost.
The aim of this particular bill is to protect consumer privacy, something that seems to be getting attention in a lot of states.
California's SB 1386, a similar law that passed a few years ago, states, "Any agency that owns or licenses computerized data that includes personal information shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person."
Personal information is defined as a person's first name or initial and last name combined with his Social Security number, driver's license number, or credit card or account information, including the PIN or password. Publicly available information like an address or anything that's in the public record, such as real estate transactions, isn't considered personal information.
The statute allows for written, electronic or substitute notice. Substitute notice can be provided via mass e-mails or public forums such as newspapers and broadcast media.
If you or I hear on the radio that our state's Department of Motor Vehicles' security was breached and the personal information of everyone in the state was compromised, what is our recourse?
The California law states, "Any customer injured by a violation of this title may institute a civil action to recover damages." But many of us do nothing when we hear about such things, other than shake our heads. Until ...
Here's a nightmare scenario: Two years later, you are buying a home. You have already sold your old house and moved into temporary housing, since you have every reason to believe that the purchase of the new home will go through without a hitch. In the middle of the back-and-forth with the loan officer over interest rates, he calls and tells you that your loan has been turned down because of an overwhelming number of extremely negative items on your credit report. You're stunned. You may not have perfect credit, but