New US law enforces computer security honesty

Banks whose computer systems are hacked or suffer any other breach in their IT security from now on have to inform their customers about that if personal data has been exposed, new regulations from several US federal agencies require.

The lucky residents of California have had the joy of living under the Security Breach Information Act for over a year. The local law has similar requirements as the new federal one, but in addition to that applies to any company that suffers a breach in their IT security.

The new rules are so amazingly obvious that it's remarkable that they haven't been put in place earlier.

Companies for years have been lacking the motivation to properly tackle IT security because it is cheaper to clean up a mess than it is to prevent it from happening. Now that they are required to go public with these embarrassing facts, they might have more of an inclination to spring into action.

Self-regulation has had its chance for the past decades, and by now we can state without the smallest doubt that it doesn't work. Let's hope that this is only the start of a slew of new rules and regulations around the world.