BreachExchange mailing list archives

California Legislation Would Require Companies To Specify The Data Exposed In Breaches


From: security curmudgeon <jericho () attrition org>
Date: Thu, 26 Aug 2010 01:42:34 -0500 (CDT)



---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.darkreading.com/database_security/security/attacks/showArticle.jhtml?articleID=227001108

By Kelly Jackson Higgins
DarkReading
Aug 25, 2010

A privacy breach notification bill recently passed by the California 
legislature would expand the state's existing law for how organizations 
notify consumers of a data breach.

California's existing data breach law does not specify what the breach 
notification should include information-wise. "This bill is intended to 
fill that gap by establishing standard, core content for breach 
notification letters," reads the California Senate Bill 1166, which was 
first introduced to the legislature in March.

Whether the new bill becomes law is up to Governor Arnold Schwarzenegger, 
who had previously vetoed a similar data breach bill because it put too 
much "unnecessary mandates on businesses without a corresponding consumer 
benefit," he said at the time.

The new bill, among other things, requires that the company include the 
type of personal information exposed in the breach; the date or estimated 
date of the breach; a general description of the incident itself; and 
toll-free numbers and addresses for credit reporting agencies if the 
breach included social security numbers, driver's licenses, or California 
ID cards. The breached organization would also have to explain how it's 
now protecting the affected victims and provide recommendations for how 
they can protect themselves. And if a single breach affects more than 500 
California residents, the organization must send the Attorney General an 
electronic copy of the notification, according to the bill.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/


