Absolutely; I would say that the first and foremost most important purpose of breach notification is to put in place incentives for the companies themselves to put in place the security measures that prevent the identity theft from happening in the first place.
But I'm concerned for the reasons I've expressed. I'm concerned that the regime here is not strong enough.