BreachExchange mailing list archives
California introduces proposal to expand data breach notification law
From: Destry Winant <destry () riskbasedsecurity com>
Date: Mon, 25 Feb 2019 00:05:28 -0600
https://www.techspot.com/news/78888-california-introduces-proposal-expand-data-breach-notification-law.html California is introducing new legislation that expands on current data breach notification requirements. State Attorney General Xavier Becerra announced the proposed bill on Thursday. Drafted by Becerra an Assemblyman Marc Levine, the law will require companies to notify customers if their biometric data or passport numbers have been compromised. Existing legislation passed in 2003 only holds health insurance information, medical data, credit card, driver’s license, and social security card numbers as being “personal information.” Becerra says the bill would expand the current protections. The proposal was prompted by the Marriott/Starwood breach last November in which hackers stole over 500 million customer records including 25 million passport numbers. AB 1130 will increase our efforts to protect consumers from fraud and affirms our commitment to demand the strongest consumer protections in the nation. “Knowledge is power, and all Californians deserve the power to take action if their passport numbers or biometric data have been accessed without authorization,” said the California AG. “We are grateful to Assemblymember Levine for introducing this bill to improve our state’s data breach notification law and better protect the personal data of California consumers. AB 1130 closes a gap in California law and ensures that our state remains the nation’s leader in data privacy and protection.” Becerra notes that while Marriott did notify customers of the Starwood breach as required by law, he is not so sure that would have been the case if it were only the 25 million passport numbers that went missing, which are not currently required to be reported. Identity theft and fraud are on the rise with millions of records being sold on the dark web every day. With so many companies controlling consumers' digital fingerprints, both figuratively and literally, lawmakers view the disclosure of breaches to that information of the most vital importance. The public must be allowed to know there are real or potential bad actors accessing their data so they can take immediate action. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- California introduces proposal to expand data breach notification law Destry Winant (Feb 25)