That is the quote from Senator Arlen Specter yesterday in federal hearings with LexisNexis and the other data brokers.  What is described over and over is the relative unsophistication of the attacks -- how about the unsophistication of the data protections?  Again -- where is the two-factor authentication?  The technology is there and has been for years.  It is clear to me now that without strong identity management in place there will be weak identity protection.  Perhaps the legislation will have some impact -- but then again HIPAA passed into law in 1996 and the security provisions are just now being implemented.  Moreover -- while the law may exist there needs to be an enforcement mechanism.

Two days ago I received one of the "dreaded letters" -- not from one of the high-profile companies but from my graduate school saying that they believe they may have suffered a breach of their alumni donor database and were, as a precaution, notifying people.  Yikes!  I am placing a call to the alumni office asking for a disclosure of their data security practices before they see money from me -- at least here I am a consumer!