Californians could get increased consumer privacy protection if Gov. Arnold Schwarzenegger signs a bill passed by the Legislature Thursday.
Senate Bill 1166, authored by Sen. Joe Simitian, D-Palo Alto, which Mr. Simitian says strengthens the notification required when databases of personal information are compromised. California’s existing data breach law, which was written by Mr. Simitian in 2002, requires companies and state government agencies to notify individuals when their personal information has been compromised.
The new measure takes what he calls “the next logical step” by specifying what information must be included in the notification, so that individuals might take steps to protect themselves against identity theft. “No one likes to get the news that personal information about them has been stolen,” says Mr. Simitian. “But when it happens, people are entitled to get the information they need to decide what to do next.”
A survey by the Samuelson Law, Technology & Public Policy Clinic at the University of California, Berkeley, found that 28 percent of data breach victims receiving a security breach notification letter “do not understand the potential consequences of the breach after reading the letter.”
Privacy Rights Clearinghouse, a non-profit consumer education and advocacy group, reports that at least 347 million sensitive records have been compromised nationwide since 2005. Current notifications of data breaches vary widely in the information they provide and in their helpfulness to individuals who are affected.
Whether the changes make it into law are not certain; Mr. Schwarzenegger vetoed a similar bill last year.
But if they do, they would establish standard content for data breach notification, including:
A general description of the incident; The type of information breached; The date and time of the breach; and, A toll-free telephone number of major credit reporting agencies for security breach notices in California.The law also requires public agencies, businesses and people subject to California’s security breach notification law to send an electronic copy of the breach notification to the Attorney General if more than 500 Californians are affected by a single breach.
“This new measure makes modest but helpful changes to the law. It will also give law enforcement the ability to see the big picture and a better understanding of the patterns and practices developing in connection with identity theft,” says Mr. Simitian.