California lawmaker tries again with data breach bill

Share this article:

For a third time, a California lawmaker has introduced a bill that would update the state's pioneering data breach notification law, SB-1386, to include additional requirements for organizations that lose sensitive data.

The proposal, introduced Thursday by Democratic state Sen. Joe Simitian, would require that breach notification letters contain specifics of the incident, including the type of personal information exposed, a description of what happened, and advice on steps to take to protect oneself from identity theft. The law also would mandate that organizations that suffer a breach affecting 500 or more people must submit a copy of the alert letter to the state attorney general's office.

Twice before, the bill has gone to former Gov. Arnold Schwarzenegger's desk to be signed but was vetoed

Simitian said in a news release that he hopes the new administration, led by Gov. Jerry Brown, "will give this issue a fresh look."

In defense of his 2009 veto, Schwarzenegger said there was no proof the additional information required by the legislation would actually help consumers. In addition, he said he saw no reason why the attorney general's office needed to become a "repository" of data breach notifications.

“This new measure makes modest but helpful changes for consumers,” Simitian said. “By requiring notice to the attorney general, it will enable law enforcement to identify patterns of data theft and to understand the scope of the threat.”

Meanwhile, another Simitian-backed law, which bans email impersonation, took effect on Jan. 1. SB-1411 makes it a misdemeanor to digitally impersonate another person, through channels such as email or social networking site, with criminal intent to harm, intimidate, threaten, or defraud.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Florida Supreme Court rules warrants a must for real-time cell location tracking

Florida Supreme Court rules warrants a must for ...

The Florida Supreme Court put the kibosh on warrantless real-time tracking using location data obtained from cell phone providers.

Modular malware for OS X includes backdoor, keylogger components

Modular malware for OS X includes backdoor, keylogger ...

The modular malware was named "Ventir," by researchers at Kaspersky.

Fake Dropbox login page nabs credentials, is hosted on Dropbox

Fake Dropbox login page nabs credentials, is hosted ...

Symantec researchers received a phishing email linking recipients to a fake Dropbox login page that is hosted on Dropbox's user content domain and served over SSL.