California Gov. signs identity theft protection bill into law
September 7th, 2011
Sen. Joe Simitian’s (D-Calif.) identity theft protection bill became law last week as California Gov. Jerry Brown signed California Senate Bill 24, which gives consumers the information they need to help prevent identity theft.
In 2008, 2009 and 2010, Simitian placed three earlier versions of the security breach notification bill on the desk of former governor Arnold Schwarzenegger. All three times the bill was vetoed.
Richard Holober, executive director for the Consumer Federation of California, a consumer advocacy group, wrote in an Aug. 31 article in California Progress Report that security breaches exposed at least 500 million personal records of Americans since 2005, according to research by the Privacy Rights Clearinghouse. Some of the breached records contained sensitive data such as Social Security numbers, bank or credit card numbers or medical information.
“Sony, Citibank and the Bay Area Rapid Transit District are recent examples of businesses and government agencies whose customers’ records were stolen by hackers. Just last week it was revealed that 300,000 Californians’ medical records along with their Social Security numbers were able to be viewed for months to anyone with an internet connection, owing to an insurance processing business’ failure to safeguard its electronic data files,” Holober wrote. “Whether through negligence, or through intentional hacking or stealing, data breaches are a common way to steal one’s identity. Public awareness of these security breaches came about when then-California Assemblyman Simitian authored his first bill in 2001.”
California Senate Bill 24 provides further elaborations to California's breach notification law. The bill outlines which details must be included in a notification letter, and makes sure the Attorney General is notified of the breach, Holober wrote. “If a Social Security number or drivers’ license is exposed, the notice letter explains how to contact credit agencies. That’s especially important, because it empowers consumers to better monitor their accounts for evidence of identity theft, and to take concrete steps to prevent identity theft, including freezing your credit report,” the report said.
Requiring these details also creates an incentive for companies and state agencies to be careful with consumers' private information, he said.
“It won't come as a surprise to anyone that technology puts our private information at risk. The exponential growth of electronic records – while beneficial in many respects – makes breaches more likely and far more severe,” he said. “Losing a filing cabinet with 500 records is difficult. Losing a laptop with 5 million records is all too easy. For this reason, over 40 states have adopted security breach notice laws modeled on California law.”