If posting has been light, there are reasons.
For one thing, I’ve been entering most new incidents directly into DataLossDB.org. If you’re not already checking DLDB and you want to really keep up with breach reports, bookmark that resource.
But I’m also in data heaven right now, having received 3+ years of data breach reports under FOI from North Carolina. So far, I’ve managed to work through 2009, and have updated a lot of entries in DLDB to now reflect the number of individuals affected. I’ve also added incidents that we didn’t know about from other sources. It will take me a while to work my way through 2010 and especially 2011, so posting here will likely continue to be light for a while.
All that said, I love North Carolina’s reporting form and would recommend that, instead of Congress fighting over what should be in a breach disclosure notice, they adopt North Carolina’s reporting form as a model. It provides all the essential elements of a breach report, entities find it easy to use/respond to, and it is not burdensome for entities to use. The only question I would add to the form would be to specifically ask what types of data or information were involved in the breach. Could the form be simplified by adding checkboxes to indicate breach types? Sure. But it’s a great starting point that, with a tiny bit of tweaking, could give us a standardized national breach notification form.