News
Bill Would Boost Breach Disclosure Rules
New bill he filed late last year would standardize the process of notifying consumers and government agencies of data breaches
By Robert McMillan, IDG News Service
March 16, 2009 — IDG News Service —
A co-author of the landmark six-year-old California data-breach notification law said that a new bill he filed late last year would standardize the process of notifying consumers and government agencies of data breaches that expose personal information.
Speaking at a symposium on breach notification issues held earlier this month at the University of California, Berkeley, State Sen. Joe Simitian said that his latest bill, known as SB 20, would give "greater clarity and specificity as to the content of security breach notices, which I think is long past due."
Simitian said he hopes that California Gov. Arnold Schwarzenegger will sign the new bill into law by year's end.
While letters sent by some companies and government agencies do a good job of telling affected users exactly what happened to their data, a "substantial number" do not, often leaving consumers "more confused than informed," he said.
SB 20 also requires that the state attorney general's office or another agency keep track of breaches, which Simitian said would give public officials "a better understanding of the nature and scope of the problem."
Fred Cate, a law professor at Indiana University's Maurer School of Law in Bloomington, told symposium attendees that government agencies may underestimate breaches because they lack information. "We actually have very poor data on data breaches," Cate said, noting that current laws mostly require consumers, not governments, to be notified that personal data was accessed.
The initial California law, which took effect in 2003, requires that consumers be notified when unencrypted financial data is lost or stolen from computer systems. The law is credited with inspiring similar legislation in 43 other states.
Other stories by Robert McMillan
Copyright 2009 IDG News Service, International Data Group Inc. All rights reserved.
Breach disclosure
Log Management in a Cyber World
With so many potential cyber villains poking around the gates, enterprises must have strong protections and pristine visibility into what's happening on the network. Explore the increasing importance of log management as cybercrime and other malicious threats grow.
Comparing Research in Motion and Microsoft Mobile Solutions
Organizations must look carefully at the requirements of mobile devices and accompanying middleware that can increase cost, complexity and administrative overhead. This white paper provides an independent analysis and detailed comparison of RIM and Microsoft's mobile solution.
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
