A California proposed bill that would update the state's pioneering data breach notification law is heading back to the governor's desk.
The bill from Democratic Sen. Joe Simitian is a reintroduction of the same measure that he proposed last year, but which was ultimately vetoed by Gov. Arnold Schwarzenegger.
The current legislation, known as SB-1166, has been approved by the California Legislature, Simitian announced Thursday.
It builds on the landmark 2003 breach notification bill, SB-1386, by requiring that breach notification letters also contain specifics around the data-loss incident, including the type of personal information exposed, a description of the incident, and advice on steps to take to protect oneself from identity theft. The law also would mandate that organizations that suffer a breach affecting 500 or more people must submit a copy of the alert letter to the state attorney general's office.
“No one likes to get the news that personal information about them has been stolen,” Simitian said. “But when it happens, people are entitled to get the information they need to decide what to do next.”
The lawmaker has expressed confidence that Schwarzenegger will sign the bill this time around.
Last October, the governor, in a veto notice, said he decided to refuse the bill because there was no proof the additional information required by the legislation would actually help consumers. In addition, the governor said he saw no reason why the attorney general's office needed to become a "repository" of data breach notifications.
However, no lobbying groups objected the proposal.