California Data Breach
On May 27, 2014, the California State Assembly passed Assembly Bill 1710 (AB 1710) to update California’s data breach notification law. The AB 1710 law update expands existing provisions to require businesses, including retailers, to notify consumers of a data breach at the same time data owners are notified. As a shredding professional — one committed to safeguarding my clients’ sensitive data — keeping an eye on privacy laws is critical.
Support and Opposition
The bill, introduced by Assemblymen Roger Dickinson and Bob Wieckowski, passed 43-25, with Democrats in favor and Republicans opposed. While privacy rights powerhouses like Privacy Rights Clearinghouse and the American Civil Liberties Union support the measure, business groups such as the California Retailers Association, the Internet Association and the California Bankers Association oppose the law update’s broad language and stiff penalties.
At this time, the law requires any business that owns, maintains, or licenses personal information about a California resident to provide and maintain appropriate levels of security. Information must be protected from unauthorized use or access, destruction, modifications, or disclosure. These businesses are not required to notify consumers affected by a breach if data was encrypted.
AB 1710 Law Update
The bill would require entities that maintain, own, or license personal information to send consumer data breach notifications. The safe harbor would apply if the data is encrypted in conformance with the Advanced Encryption Standard of the National Institute of Standards and Technology (NIST), Federal Information Processing Standards Publication 197. The law update would also prohibit the sale of an individual’s Social Security number.
According to Bloomberg BNA, the AB 1710 law was amended on May 5th to remove sections of the bill that would have held businesses liable for breach notification and card replacement costs. The bill now moves to the Senate for consideration. Dickinson expects to amend the bill as it moves through the Senate in order to address any issues or concerns that he believes are “eminently solvable.”
What do you think of the AB 1710 law? Does it strike a balance between business liability and consumer privacy rights?