California blazes trail again with enhanced breach alert law

After being vetoed twice by the prior administration, a bill that updates California's pioneering data breach notification law was signed into law Wednesday by Gov. Jerry Brown.

Introduced by Democratic state Sen. Joe Simitian, SB-24 bolsters SB-1386, the nation's first law requiring companies to alert California residents if their personal data is accessed illegally. Since that legislation took effect eight years ago, nearly all 50 states have followed suit with their own versions.

The update, meanwhile, requires that breach notification letters contain specifics of the incident, including the type of personal information exposed, a description of what happened, and advice on steps to take to protect oneself from identity theft. The law also mandates that organizations that sustain a breach affecting 500 or more people submit a copy of the alert letter to the state attorney general's office.

"No one likes to get the news that personal information about them has been stolen," Simitian said. "But when it happens, people deserve to get the information they need to decide what to do next."

The bill faced an uphill climb, however. Twice before, it had gone to former Gov. Arnold Schwarzenegger's desk to be signed, but was vetoed. In defense, Schwarzenegger said there was no proof the additional information required by the legislation would actually help consumers. In addition, he said he saw no reason why the attorney general's office needed to become a "repository" of breach notifications.
