Japan's recently appointed minister of cybersecurity responded to questions about his computer literacy by proclaiming that he has never used a computer, adding, "I have always directed my staff and secretaries to do that kind of thing."
Wow — simultaneously elitist and incompetent. Oh Japan, that wouldn't happen in the U.S. Because we don't even have a national department of cybersecurity.
So, what does U.S. law say about cybersecurity breaches? There is no one federal law, but instead a patchwork of laws that govern data breaches and notification in the U.S. Most state laws say that companies have to disclose the fact of a breach to affected customers, but the laws differ on how long companies have to report the breach, based on the size and industry of the affected business and the number of individuals affected.
It is in your best interest as a consumer to find out the data security measures of companies to whom you give your information to before you provide it, because by the time you have to rely on the laws — or the lawmakers who create them — to protect you, it's already too late.