California's Data Breach Law May Get an Update

Fri, Mar 6th, 2009

California's landmark data-breach notification law will get another update, if State Senator Joe Simitian gets his way.

Simitian, co-author of California's original 2003 legislation, has proposed a new bill, SB 20, that would spell out what companies must tell customers in their data breach letters and require that breaches affecting more than 500 people be reported to the state's attorney general.

Speaking at a security breach notification symposium Friday at the University of California, Berkeley, Simitian said that the new law would give "greater clarity and specificity as to the content of security breach notices, which I think is long past due."

While some breach notification letters do a good job of telling users what happened to their data, a "substantial number" do not, "leaving consumers more confused than informed," Simitian said.

Share with friends if you like this page:
No comments yet.