It is estimated that there are approximately 10 million identity theft victims a year. According to the Federal Trade Commission, ID theft is the fastest growing crime in the U.S. In responding to the growing number of ID thefts, State Senator Joe Simitian(D-Palo Alto), introduced Senate Bill 24, which was approved this week by the California State Senate. The bill passed in the State Senate with 31 voting yes and 6 voting no. SB 24 is even stronger than the existing law on the same issue, authored by Simitian in 2002, and it is considered the “logical next step."
In championing the privacy rights of his constituents to have proper notification when there has been a data breach in which personal information has been compromised in some way, usually in a business or in a government agency, Simitian said, "No one likes to get the news that personal information about them has been stolen. But when it happens, people are entitled to get the information they need to decide what to do next,” he said.
Simitian’s 2002 data breach law, which stands as current law in California simply requires companies and the state government to inform consumers when their personal information has been breached. SB 24 goes further by requiring greater detail; such as the type and the time of the breach and toll-free telephone numbers of major credit reporting agencies for security breach notices. SB 24 also requires the agency or company where the breach took place to supply a copy of the notification to the Attorney General if more than 500 Californians are affected by a single breach.
The Samuelson Law Technology & Public Policy Clinic at UC Berkeley did a survey and found that 28 percent of affected consumers who received a breach letter did not understand its consequences after reading the letter. At least 500 million sensitive records in the U.S. have been compromised since 2005, according to Privacy Rights Clearinghouse, a non-profit consumer education and advocacy group. More than 40 other states have adopted legislation that resembles Simitian’s first privacy legislation. Legislation similar to SB 24 has also been adopted in Puerto Rico and in fourteen other states.
“The changes proposed to the law by Senator Simitian’s bill enhance identity theft protection for Californians,” said Richard Holober, Executive Director of the Consumer Federation of California. “We’re hopeful that the legislature will once again continue to move this bill forward, and that Governor Brown will sign it into law.”
Governor Schwarzenegger vetoed Simitian’s previous attempts at a security breach notification upgrade. Simitian says he hopes that with a new administration, “a signature by the governor may be possible this year.”
SB 24 must now be voted on by the California State Assembly before it reaches the governor.
To contact the author of this article, email Nozipo Wobogo at firstname.lastname@example.org.