Rethinking PII: It's Time to Redefine Data Breach Notifications for a Better Future
A Call for Common-Sense Reform in Data Breach Notification Laws
The Yellow Pages Paradox: When Private Information Was Public
For those old enough to remember life before the internet, there's a striking irony in today's data breach notification landscape. We live in an era where companies spend millions notifying consumers about the exposure of information that was once freely available in every American household.
The Yellow Pages contained everyone's name, phone number, and home address—readily available for anyone to see. This information was automatically included unless you paid a fee to remain unlisted, and even getting removed from these directories was a complex process that wasn't streamlined until the late 1990s or early 2000s. The first business directory appeared in Philadelphia around 1785, and by the 1880s, these directories were organizing businesses by category and selling advertising space—essentially creating the original "search engine" for finding people and businesses.
Yet today, when this same basic information—name, address, phone number, and email—is accessed without authorization, companies face an average data breach cost of $4.88 million in 2024, representing a 10% increase from the previous year. Something fundamental has shifted in how we view and regulate personal information.
The Mounting Cost of Data Breach Notifications
The financial burden of data breach notifications has reached staggering proportions. IBM's 2024 Cost of a Data Breach Report reveals that 75% of the increase in average breach costs was due to lost business and post-breach response activities, with legal and regulatory penalties varying significantly depending on industry and geographic location.
Subscribe to CISO Talk by James Azar to keep reading this post and get 7 days of free access to the full post archives.