California Senate again OKs breach notification law update

Share this article:

The California Senate has approved a bill that would update the state's pioneering data breach notification law, the lawmaker who introduced the legislation announced Friday.

The bill from Democratic Sen. Joe Simitian is a reintroduction of the same measure that he proposed last year, but which was ultimately vetoed by Gov. Arnold Schwarzenegger.

The current legislation, known as SB-1166, builds on the landmark 2003 breach notification bill, SB-1386, by requiring that breach notification letters also contain specifics around the data-loss incident, including the type of personal information exposed, a description of the incident, and advice on steps to take to protect oneself from identity theft. The law also would mandate that organizations that suffer a breach affecting 500 or more people must submit a copy of the alert letter to the state attorney general's office.

“This new measure makes modest but helpful changes to the law," Simitian said in a statement. "It will also give law enforcement the ability to see the big picture, and a better understanding of the patterns and practices developing in connection with identity theft."

He added that he believes, based on conversations with the governor's office, that Schwarzenegger will sign the bill this time.

Last October, Schwarzenegger, in a veto notice, said he decided to refuse the bill because there was no proof the additional information required by the legislation would actually help consumers. In addition, the governor said he saw no reason why the attorney general's office needed to become a "repository" of data breach notifications. However, no lobbying groups objected the proposal.

California has a history of taking the lead on consumer protection laws. SB-1386, which took effect July 1, 2003, required organizations that maintain personal information to notify customers in the event of a breach. Since then, 46 other states have followed suit, with Mississippi this week becoming the latest.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Beazley: employee errors root of most data breaches, but malware incidents cost ...

Insurance firm Beazley analyzed more than 1,500 data breaches it serviced between 2013 and 2014.

Apple issues seven updates, fixes more than 40 vulnerabilities in iOS 8, OS 10.9.5

Apple issues seven updates, fixes more than 40 ...

In one of its infrequent "Update Surprisedays," Apple plugged holes, boosted security and added features.

Canadian telecom co. Telus unveils first transparency report

The company received more than 100,000 government requests for customer data last year.