In the wake of numerous high-profile data breach incidents costing millions of dollars, governments are being urged to take a legislative approach to data protection and data breach disclosure. The question has been raised, however, as to whether it is the government's responsibility to implement standardized data breach laws. Or, should the onus be on the businesses themselves to protect confidential data proactively?