CISO Talk by James Azar

Rethinking PII: It's Time to Redefine Data Breach Notifications for a Better Future

A Call for Common-Sense Reform in Data Breach Notification Laws

James Azar
Jun 28, 2025

The Yellow Pages Paradox: When Private Information Was Public

For those old enough to remember life before the internet, there's a striking irony in today's data breach notification landscape. We live in an era where companies spend millions notifying consumers about the exposure of information that was once freely available in every American household.

The Yellow Pages contained everyone's name, phone number, and home address—readily available for anyone to see. This information was automatically included unless you paid a fee to remain unlisted, and even getting removed from these directories was a complex process that wasn't streamlined until the late 1990s or early 2000s. The first business directory appeared in Philadelphia around 1785, and by the 1880s, these directories were organizing businesses by category and selling advertising space—essentially creating the original "search engine" for finding people and businesses.

Yet today, when this same basic information—name, address, phone number, and email—is accessed without authorization, companies face an average data breach cost of $4.88 million in 2024, representing a 10% increase from the previous year. Something fundamental has shifted in how we view and regulate personal information.

The Mounting Cost of Data Breach Notifications

The financial burden of data breach notifications has reached staggering proportions. IBM's 2024 Cost of a Data Breach Report reveals that 75% of the increase in average breach costs was due to lost business and post-breach response activities, with legal and regulatory penalties varying significantly depending on industry and geographic location.

© 2025 James Azar