The California Information Practice Act of 2003 was the nations first law requiring notice to those impacted by a loss of personal information. So far, as many as 19 different states have passed such legislation. The sheer variety of data breaches should be enough to strike fear in anyone who has responsibility for managing and protecting data. Many companies within the last few years have created a chief privacy officer or similar position, even when data collection is not their core business. It sends a clear message to customers, as well as potential thieves, that the company’s eye is on the data-security ball.”]