Breach Notification Service is a Bad Sign

You know data security breaches are way too common when a company builds a business around customer notification of stolen information. First Advantage Membership Services is launching the Security Incident Response Notification (SIRN???get it, like a siren?). If you've just exposed personally identifiable information, this service will leap into action to let your customers know they are screwed. (I wonder if there's a companion service that alerts attorneys specializing in class action lawsuits.)

SIRN also lets affected businesses choose a credit monitoring service to offer to consumers whose information has been exposed. Hey, guess what? First Advantage offers credit monitoring services! How convenient.

This is the law of unintended consequences at work. Customer notification requirements--and penalties for non-compliance???are on the books in a majority of U.S. states. These laws are supposed to encourage companies to better protect PII.

But protecting PII is hard. My guess is, many companies will find it cheaper and easier to employ a service that helps them with post-breach responses instead.

I can't blame First Advantage for getting into this market. After all, data breaches are a growth industry. The positive spin is that it's a form of insurance???if the worst happens, you're covered. But still, don't you think the money being spent on a notification service could be better employed on data protection?I applaud companies that comply with notification requirements. It's the right thing to do. But I'd think twice about doing business with a company that signed up for such a service. It gives the impression that a breach as inevitable, and they are just giving up.