Privacy and data breach legislation has been enacted and continues to evolve, both as a natural consequence of the amount and type of personal data stored by organizations, as well as in response to well-publicized security breaches and the heightened public concern about the loss of control over sensitive personal information.

Most legislation includes a breach notification provision, where organizations holding sensitive personal data are required to notify individuals in the event of a security breach of their personal information. The notice of breach provision usually takes into account ...