http://www.darkreading.com/database_security/security/attacks/showArticle.jhtml?articleID=227001108 By Kelly Jackson Higgins DarkReading Aug 25, 2010 A privacy breach notification bill recently passed by the California legislature would expand the state's existing law for how organizations notify consumers of a data breach. California's existing data breach law does not specify what the breach notification should include information-wise. "This bill is intended to fill that gap by establishing standard, core content for breach notification letters," reads the California Senate Bill 1166, which was first introduced to the legislature in March. Whether the new bill becomes law is up to Governor Arnold Schwarzenegger, who had previously vetoed a similar data breach bill because it put too much "unnecessary mandates on businesses without a corresponding consumer benefit," he said at the time. The new bill, among other things, requires that the company include the type of personal information exposed in the breach; the date or estimated date of the breach; a general description of the incident itself; and toll-free numbers and addresses for credit reporting agencies if the breach included social security numbers, driver's licenses, or California ID cards. The breached organization would also have to explain how it's now protecting the affected victims and provide recommendations for how they can protect themselves. And if a single breach affects more than 500 California residents, the organization must send the Attorney General an electronic copy of the notification, according to the bill. [...] _______________________________________________________ Subscribe to InfoSec News - www.infosecnews.org http://www.infosecnews.org/mailman/listinfo/isnReceived on Wed Aug 25 2010 - 23:21:13 PDT
This archive was generated by hypermail 2.2.0 : Wed Aug 25 2010 - 23:34:17 PDT