California gets serious about data breach
The California assembly committee recently passed a bill which will affect all companies doing business in California. Among other businesses, it will have a serious impact on credit card companies, banks, and financial institutions who handle users’ personal data. The bill will move to the Assembly Business and Professions Committee for a hearing on April 24. According to
The Data Breach Notification Bill, Assembly Bill 779, was approved Tuesday by the state Assembly Judiciary Committee with an 8-2 vote. The bill, authored by committee chairman Assemblyman Dave Jones (D-Sacramento), seeks to improve data security by requiring accountability and reimbursement of affected parties if a data breach occurs. [Source: BizJournals]
It’s interesting that the California Credit Union League supports the bill, while California Bankers Association, California Mortgage Bankers Association, and the state’s financial services, grocers, retailers and restaurant associations all oppose the bill. Of course, these businesses don’t want to be held responsible for their lack of security and would prefer to continue to do business the way they have been doing for decades.
Here’s a portion of the Assembly Bill (AB 779).
Any person or business that conducts business in California, and that owns or licenses computerized data that includes personal information, shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.
You can read the entire bill here.