California Updates Data Breach Law to Require More Incident Details

eWeek, By Fahmida Rashid,  September 1, 2011

California has updated its data breach notification law to further define what organizations have to do in case customer data is stolen. The bill, SB-24, updates California’s current data breach notification law by requiring organizations to include in the breach notification letters the specifics of the security incident and advice on steps customers should take. The bill also includes provisions mandating that if the security breach affected 500 or more people, the organization must submit a copy of the letter to the state attorney general’s office. The bill was signed into law Aug. 31 by Gov. Jerry Brown and will take effect on Jan. 1, 2012. The breach notification letters must include information such as the type of personal information exposed, a description of what happened, time of the breach, and toll-free telephone numbers and addresses of major credit reporting agencies in California, according to the new law. The original law did not specify what information had to be included in the letters. The new law also requires the letters to be sent “in the most expedient time possible and without unreasonable delay.” “No one likes to get the news that personal information about them has been stolen,” said State Sen. Joe Simitian (D), the bill’s sponsor. “But when it happens, people deserve to get the information they need to decide what to do next.” About 28 percent of data breach victims receiving a security breach notification letter “do not understand the potential consequences of the breach after reading the letter,” Simitian said, referring to a recent survey by the Samuelson Law, Technology & Public Policy Clinic at the University of California, Berkeley.

  1. Leave a comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: