BreachExchange mailing list archives

Calif. breach notification bill going back to the governor


From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Sat, 21 Aug 2010 23:42:46 -0400

http://www.scmagazineus.com/calif-breach-notification-bill-going-back-to-the-governor/article/177253/

A California proposed bill that would update the state's pioneering
data breach notification law is heading back to the governor's desk.

The bill from Democratic Sen. Joe Simitian is a reintroduction of the
same measure that he proposed last year, but which was ultimately
vetoed by Gov. Arnold Schwarzenegger.

The current legislation, known as SB-1166, has been approved by the
California Legislature, Simitian announced Thursday.

It builds on the landmark 2003 breach notification bill, SB-1386, by
requiring that breach notification letters also contain specifics
around the data-loss incident, including the type of personal
information exposed, a description of the incident, and advice on
steps to take to protect oneself from identity theft. The law also
would mandate that organizations that suffer a breach affecting 500 or
more people must submit a copy of the alert letter to the state
attorney general's office.

“No one likes to get the news that personal information about them has
been stolen,” Simitian said. “But when it happens, people are entitled
to get the information they need to decide what to do next.”

The lawmaker has expressed confidence that Schwarzenegger will sign
the bill this time around.

Last October, the governor, in a veto notice, said he decided to
refuse the bill because there was no proof the additional information
required by the legislation would actually help consumers. In
addition, the governor said he saw no reason why the attorney
general's office needed to become a "repository" of data breach
notifications.

However, no lobbying groups objected to the proposal.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
