BreachExchange mailing list archives
California Legislation Would Require Companies To Specify The Data Exposed In Breaches
From: security curmudgeon <jericho () attrition org>
Date: Thu, 26 Aug 2010 01:42:34 -0500 (CDT)
---------- Forwarded message ---------- From: InfoSec News <alerts () infosecnews org> http://www.darkreading.com/database_security/security/attacks/showArticle.jhtml?articleID=227001108 By Kelly Jackson Higgins DarkReading Aug 25, 2010 A privacy breach notification bill recently passed by the California legislature would expand the state's existing law for how organizations notify consumers of a data breach. California's existing data breach law does not specify what the breach notification should include information-wise. "This bill is intended to fill that gap by establishing standard, core content for breach notification letters," reads the California Senate Bill 1166, which was first introduced to the legislature in March. Whether the new bill becomes law is up to Governor Arnold Schwarzenegger, who had previously vetoed a similar data breach bill because it put too much "unnecessary mandates on businesses without a corresponding consumer benefit," he said at the time. The new bill, among other things, requires that the company include the type of personal information exposed in the breach; the date or estimated date of the breach; a general description of the incident itself; and toll-free numbers and addresses for credit reporting agencies if the breach included social security numbers, driver's licenses, or California ID cards. The breached organization would also have to explain how it's now protecting the affected victims and provide recommendations for how they can protect themselves. And if a single breach affects more than 500 California residents, the organization must send the Attorney General an electronic copy of the notification, according to the bill. [...] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders. http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:
- California Legislation Would Require Companies To Specify The Data Exposed In Breaches security curmudgeon (Aug 29)