California toughens security breach notification requirements

The state of California is proposing new legislation that would make data breach reporting stricter. Senate Bill 24 would expand company requirements with regard to disclosing information about data security breaches, particularly breaches involving personal information. A key element of this proposed law is that it specifically relates to ordinary people who could be hurt by these data security breaches.

California defines “personal information” as data that reveals a person’s first name (or first initial) and last name as well as one or more of the following: a Social Security number, a driver’s license or California identification number, medical information, health insurance information, personal account data, and credit or debit card information combined with data that would grant account access. However, the state of California does not view data available to the general public as “personal information.”

The new California law comes at a time when federal legislation regulating data security breaches is also being proposed. Senator Richard Blumenthal, a Democrat from Connecticut, recently introduced a bill intended to protect citizens’ personal information.

If signed, the new law would impose fines on organizations that leak consumer information. With all of these new regulatory initiatives, businesses would do well to make sure that their data security systems are sufficient to protect sensitive information.