AOH :: ISNQ6889.HTM

California Legislation Would Require Companies To Specify The Data Exposed In Breaches




California Legislation Would Require Companies To Specify The Data Exposed In Breaches
California Legislation Would Require Companies To Specify The Data Exposed In Breaches



http://www.darkreading.com/database_security/security/attacks/showArticle.jhtml?articleID=227001108 

By Kelly Jackson Higgins
DarkReading
Aug 25, 2010 

A privacy breach notification bill recently passed by the California 
legislature would expand the state's existing law for how organizations 
notify consumers of a data breach.

California's existing data breach law does not specify what the breach 
notification should include information-wise. "This bill is intended to 
fill that gap by establishing standard, core content for breach 
notification letters," reads the California Senate Bill 1166, which was 
first introduced to the legislature in March.

Whether the new bill becomes law is up to Governor Arnold 
Schwarzenegger, who had previously vetoed a similar data breach bill 
because it put too much "unnecessary mandates on businesses without a 
corresponding consumer benefit," he said at the time.

The new bill, among other things, requires that the company include the 
type of personal information exposed in the breach; the date or 
estimated date of the breach; a general description of the incident 
itself; and toll-free numbers and addresses for credit reporting 
agencies if the breach included social security numbers, driver's 
licenses, or California ID cards. The breached organization would also 
have to explain how it's now protecting the affected victims and provide 
recommendations for how they can protect themselves. And if a single 
breach affects more than 500 California residents, the organization must 
send the Attorney General an electronic copy of the notification, 
according to the bill.

[...]


_______________________________________________________      
Subscribe to InfoSec News - www.infosecnews.org 
http://www.infosecnews.org/mailman/listinfo/isn 

Site design & layout copyright © 1986-2014 CodeGods