Schwarzenegger negs update to California breach law

Share this article:

California Gov. Arnold Schwarzenegger has vetoed a bill that would have updated the state's existing data breach disclosure law.

The move Sunday by Schwarzenegger surprised the author of SB-20, state Democratic Sen. Joe Simitian, who said in a statement that the final version of the bill eliminated any sources of dissent from the insurance and financial services industries.

The new legislation would have built on the landmark 2003 bill, SB-1386, by requiring that breach notification letters also contain specifics around the data-loss incident, including the type of personal information exposed, a description of the incident, and advice on steps to take to protect oneself from identity theft. The law also would have required that organizations that suffer a breach affecting 500 or more people must submit a copy of the alert letter to the state attorney general's office

But the governor, in a veto notice, said he decided to refuse the bill because there is no proof the additional information required by the legislation would actually help consumers. In addition, Schwarzenegger said he saw no reason why the attorney general's office needed to become a "repository" of data breach notifications.

The bill, though, had no opposition. On Aug. 26, the California Chamber of Commerce withdrew its dissent to the bill on behalf of 13 other entities, including the California Bankers Association, Association of California Insurance Companies and State Farm Insurance. The groups were satisfied with the amended bill, which eliminated a single provision that would have required breached firms to provide victims with an estimated number of total people affected by the incident.

“I'm surprised as well as disappointed by the governor's veto,“ Simitian said. “There was no opposition to the bill in its final form.  This was a common sense step to help consumers. No one likes to get the news that personal information about them has been stolen. But when it happens, people are entitled to get the information they need to decide what to do next."

This is not the first time Schwarzenegger has shot down data security legislation. In October 2007, he vetoed the Consumer Data Protection Act, known as AB 779. That law would have set forth data security and breach notification requirements for merchants.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Company news: New hires at Accuvant, ZeroFox and ThreatStream

New hires at Accuvant, ZeroFOX and ThreatStream, while a divestiture at Juniper and an acquisition for BlackBerry.

News briefs: The latest on Sony, Android, Backoff malware and more.

News briefs: The latest on Sony, Android, Backoff ...

This month's news briefs cover a preliminary settlement Sony will bear for the exposure of 77 million customers, and more.

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.