Right now companies must navigate through a myriad of existing state laws even as the European Union steps up its data breach disclosure enforcement initiatives.

FORBES: Into the Breach: Protecting the Brand When Data Loss Is the New Normal

But an amended breach disclosure law might require sites to post a notice on a site itself, warning users that it had been compromised over a certain period of time.

FORBES: Magazine Article

Today, 44 U.S. states have passed breach disclosure laws that require companies whose cache of personal information is lost or stolen to publicize the incident, reporting the problem to the affected customers.

FORBES: Dangerous Cybersilence

Those restrictions would require consumers to be notified by mail about a possible exposure of their data any time their information left a company or agency's control, not just when there would be a "reasonable risk of harm, " as most states' breach disclosure laws are worded.

FORBES: Security

The federal government has also served to distract our IT security teams as numerous bills have required an onerous documentation and reporting regime to comply with Sarbanes Oxley and HIPAA, while failing to pass legislation that addresses the morass of state breach disclosure laws we have to comply with.

FORBES: An Open Letter to Senator Rockefeller

Those laws, known as the E-Privacy Directive, currently require telco networks in the EU to make a swift, mandatory disclosure about a data breach.

FORBES: Euro Regulators Probe Sony Data Breach