If Phil Howard’s calculations prove true, by year’s end the 2 billionth personal record – some American’s social-security or credit-card number, academic grades or medical history – will become compromised, and it’s corporate America, not rogue hackers, who are primarily to blame. By his reckoning, electronic records in the United States are bleeding at the rate of 6 million a month in 2007, up some 200,000 a month from last year.
While the news media is full of stories about hackers, his survey revealed 60 percent of the breaches were due to "organizational mismanagement." The report is referring to lost (stolen) hardware, internal theft, administrative error, or accidentally exposing the information online.
According to the authors, gathering the information for this study wouldn't have been possible before state laws were passed requiring disclosure of data breaches.
Laws requiring disclosure are on the books in fewer than half of the states nationwide.
Phys.org story, here.
Unfortunately, despite a lot of effort, no federal law has been passed, and the most current version before Congress threatens to make it easier not to report data breaches.
Here is a previous post about that subject:
Consumers Union Calls for Congress to Protect People's Personal Information