Bruce Schneier argues that data breach notification laws are a good idea. I’d agree. I was working on an application that stored personal information when the ChoicePoint breach was reported, and it changed the way I thought about how much data we should archive. As Schneier points out, most identity theft results from computers belonging to individuals being compromised, but companies that deal in bulk amounts of user data should be particularly responsible when it comes to safeguarding that data. Without such laws, I don’t think they’d be as careful.