ARN

California's data breach law may get an update

The California state senator who co-authored the state's breach notification law has proposed updated legislation.

California's landmark data-breach notification law will get another update, if State Senator Joe Simitian gets his way.

Simitian, co-author of California's original 2003 legislation, has proposed a new bill, SB 20, that would spell out what companies must tell customers in their data breach letters and require that breaches affecting more than 500 people be reported to the state's attorney general.

Speaking at a security breach notification symposium Friday at the University of California, Berkeley, Simitian said that the new law would give "greater clarity and specificity as to the content of security breach notices, which I think is long past due."

While some breach notification letters do a good job of telling users what happened to their data, a "substantial number" do not, "leaving consumers more confused than informed," Simitian said.

California's breach law was the nation's first. It requires that consumers be notified when unencrypted, computerized financial data is lost or stolen, and is credited with shining a light on the issue of data privacy and inspiring similar legislation in 43 other states. The law was just expanded in January to cover medical and insurance data.

Simitian said one of his goals in writing the 2003 bill was to help people outside of California. "This goal has been more fully realized than we could have ever anticipated at the time," he said.

But lawyers working on data breach cases estimate that perhaps only one in 10 breaches are ever made public, according to Fred Cate, a law professor at Indiana University. "We actually have very poor data on data breaches," he told conference attendees.

Part of the problem is that, while consumers must be notified of breaches, most states do not require any kind of centralized notification.

That would change under California's proposed new law. By requiring the attorney general or other central agency to keep track of breaches, observers would get a "better understanding of the nature and scope of the problem," Simitian said.

Some states already require that breach notification letters be sent to a central state agency, but Simitian's bill would centralize that information in the largest state in the U.S., potentially creating the country's largest repository of breach data.

Simitian said he hopes to see California Governor Arnold Schwarzenegger sign the bill by year's end. "That would make a good law , a groundbreaking law, even better," he said.

Come socialise with us! Facebook | LinkedIn

More about: AMP, Bill, CA Technologies, CGI, Fred
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the ARN comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: data breach
ARN Directory | Distributors relevant to this article
Aquion , Express Data , Leader Computers , Topstar Computer International
ARN Directory | Vendors relevant to this article
CA
rhs_login_lockGet exclusive access to ARN's news, research and invitation only events.
ARN Distributor Directory
Find distributors by name | vendor | location
Channel Deals
/deals/aca-pacific/357_sap-business-objects-crystal-reports-2008-defy
ACA Pacific

Increase Your Profit Margins with Tandberg Data RDX Cartridges!

More details »
ARN Vendor Directory
Find vendors by name | category

iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.