Information Security News mailing list archives
California Legislation Would Require Companies To Specify The Data Exposed In Breaches
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 26 Aug 2010 01:21:13 -0500 (CDT)
http://www.darkreading.com/database_security/security/attacks/showArticle.jhtml?articleID=227001108

By Kelly Jackson Higgins
DarkReading
Aug 25, 2010

A privacy breach notification bill recently passed by the California legislature would expand the state's existing law for how organizations notify consumers of a data breach.

California's existing data breach law does not specify what the breach notification should include information-wise. "This bill is intended to fill that gap by establishing standard, core content for breach notification letters," reads the California Senate Bill 1166, which was first introduced to the legislature in March.

Whether the new bill becomes law is up to Governor Arnold Schwarzenegger, who had previously vetoed a similar data breach bill because it put too much "unnecessary mandates on businesses without a corresponding consumer benefit," he said at the time.

The new bill, among other things, requires that the company include the type of personal information exposed in the breach; the date or estimated date of the breach; a general description of the incident itself; and toll-free numbers and addresses for credit reporting agencies if the breach included social security numbers, driver's licenses, or California ID cards.

The breached organization would also have to explain how it's now protecting the affected victims and provide recommendations for how they can protect themselves. And if a single breach affects more than 500 California residents, the organization must send the Attorney General an electronic copy of the notification, according to the bill.

[...]