Companies are not encrypting data thoroughly, adequately, or at all, California's state attorney general said in a statement this week.
State AG Kamala D. Harris released this week figures from her office that showed out of the 131 data breaches that companies suffered in 2012, around 2.5 million Californians had personal data put at risk as a result. But around 1.4 million, or 55 percent, of all Californians affected, could have been protected had their data been encrypted when companies' moved or sent it out of their secure networks.
Among the list of data breaches, Barnes & Noble and the California Dept. of Social Security were named, while American Express was named numerous times, as were a number of other financial institutions and universities.
"Data breaches are a serious threat to individuals' privacy, finances and even personal security," Harris said. "Companies and government agencies must do more to protect people by protecting data."
According to the report's key findings:
Harris said her office will "make it an enforcement priority to investigate breaches involving unencrypted personal information." She noted that companies should review and tighten security controls on their data, such as training employees and contractors to handle data in the highest regard.
California is currently working on a new law that would see basic elements of existing European data protection and privacy laws to be included in the state's legislature. The so-called "right to know" law that would allow citizens to see data that business holds on them within 30 days of that customer's request.