California Sets Rules for Notifying Breaches to Consumers
The California Senate has legislated wide measures that would require organizations to notify consumers more extensively about data breaches, set up a center for reporting breaches, and allow prosecution of online identity thieves.
The bills SB612 for identity theft prosecution and SB364 for privacy, which got passed with 40-0 and 30-7 votes, require notification to explain properly the incident of breach and what people need to do for self-protection.
According to SB364, consumers should be given a clear and informative notice if their private data with a public agency or business is stolen.
Sen. Joe Simitian, introducer of the bill, said that certain business organizations already practice proper notification to consumers. InformationWeek reported this on January 4, 2008.
He said that many companies either relate the news of information theft with sugarcoating or heap it with legal jargon in a manner that people fail to understand the vulnerability underlying the identity theft. Simitian added that no one welcomes news about theft of their information, but when the incident happens, people have the right to receive a legible notice that would help them to decide their subsequent action.
California's present law mandates that government agencies or business organizations, which had their customers' personal data stolen, notify the affected individuals. Over 40 states have implemented similar law in line with the California act.
However, as per SB364, a data breach notification should have a toll-free phone number of credit reporting bodies so that consumers can hold back their cards in case of an incident, know the name of the business affected, as well as know what data might have been revealed or stolen. The bill also requires that the notices tell the time of the breach and the number of affected people.
The mandates that SB364 enforces are framed based on a study delineating recommendations by the Samuelson Law, Technology and Public Policy Clinic at the Berkeley School of Law at the University of California.
The bill would also establish a Website where people can report security breaches with the objective for enabling policy makers, private companies and investigators to detect trends and gain knowledge from others' errors.
Related article: Celebrity Image Used For Spamming Once Again
» SPAMfighter News - 13-02-2008