So it's $15 to tell people their confidential data has been compromised. That begs the question : how much is it per customer to properly secure the whole thing ?

After all, if it's marginally more expensive, or even twice as expensive, it only needs to be done once, whereas notifying can happen multiple times and will happen again unless nothing is done.

So, any figures ?

This compares well to the estimated real cost to a UK bank of handling an overdraft -- abt. £5 according to news articles.

But sadly, this California law is just another tame poodle with its teeth extracted, mere window dressing.

Far better If the law imposed absolute liability on businesses for breaches of customer data confidentiality, and required them to pay, say, $10K per account per incident to each breachee, it would only take a few exemplary bankruptcies as a result for all businesses to start taking data security seriously.

To put the icing on the cake, the law should hold corporate managers and directors personally responsible for such liability. Business and businessmen are much like a mules: you have to hit them over the head with a 2×4 to get their attention.

THe TJMAXX incident costs the banks over $50k to reissue the cards. this would shift that cost to the company that screwed up. Also it will nail repeat offenders