[BreachExchange] California introduces proposal to expand data breach notification law

Destry Winant destry at riskbasedsecurity.com
Mon Feb 25 01:05:28 EST 2019


https://www.techspot.com/news/78888-california-introduces-proposal-expand-data-breach-notification-law.html

California is introducing new legislation that expands on current data
breach notification requirements. State Attorney General Xavier
Becerra announced the proposed bill on Thursday.

Drafted by Becerra an Assemblyman Marc Levine, the law will require
companies to notify customers if their biometric data or passport
numbers have been compromised. Existing legislation passed in 2003
only holds health insurance information, medical data, credit card,
driver’s license, and social security card numbers as being “personal
information.”

Becerra says the bill would expand the current protections. The
proposal was prompted by the Marriott/Starwood breach last November in
which hackers stole over 500 million customer records including 25
million passport numbers.

AB 1130 will increase our efforts to protect consumers from fraud and
affirms our commitment to demand the strongest consumer protections in
the nation.

“Knowledge is power, and all Californians deserve the power to take
action if their passport numbers or biometric data have been accessed
without authorization,” said the California AG. “We are grateful to
Assemblymember Levine for introducing this bill to improve our state’s
data breach notification law and better protect the personal data of
California consumers. AB 1130 closes a gap in California law and
ensures that our state remains the nation’s leader in data privacy and
protection.”

Becerra notes that while Marriott did notify customers of the Starwood
breach as required by law, he is not so sure that would have been the
case if it were only the 25 million passport numbers that went
missing, which are not currently required to be reported.

Identity theft and fraud are on the rise with millions of records
being sold on the dark web every day. With so many companies
controlling consumers' digital fingerprints, both figuratively and
literally, lawmakers view the disclosure of breaches to that
information of the most vital importance. The public must be allowed
to know there are real or potential bad actors accessing their data so
they can take immediate action.


More information about the BreachExchange mailing list