New Calif. ID-theft bill would toughen earlier law
If adopted, it would cover all data kept on California residents by companies
Computerworld - Companies concerned about potential liability issues raised by California's identity-theft law may have a whole lot more to worry about if a recently proposed piece of similar legislation is passed.
The proposed ID-theft law, which has managed to remain below the radar of many companies for some time now, is called Senate Bill 1279 and was introduced by California Sen. Debra Bowen on Feb. 13.
The proposed bill seeks to toughen and broaden the scope of legislation already in place.
Under that law, put into place last year, any company that maintains computerized databases containing certain personal information about California residents is obligated to inform those individuals of any security breach in which unencrypted personal data may have been compromised.
SB 1279 seeks to widen the definition of breachable data to include all data, rather than only computerized data. Under SB 1279, any personal data maintained on voice systems or on paper would be covered by the same provisions that currently apply only to computerized data.
The bill would also require companies that suffer a security breach involving personal information to provide two years of credit-monitoring services, without charge, to each affected individual.
"As you might guess, this bill would significantly impact organizations already concerned about SB 1386," said a security analyst at a large financial services organization with operations in California who asked not to be named.
"It would have some real serious operational implications for affected companies," the user said. For one thing, the potential costs of paying for credit-monitoring services for individuals whose personal information may have been compromised is huge. Broadening the definition of breachable data also makes the task of protecting it "monumentally" difficult, he said.
"So naturally, from a practioner's perspective, none of us are thrilled about it," he said.
Extending the scope of the identity theft law to include non-computerized data as well as non-electronic data couldpose huge challenges, said Christopher Pierson, an attorney with Lewis and Roca LLP, in Phoenix.
"It greatly increases the number of documents that needs to be protected and the risk of [legal] exposure," Pierson said.
California's existing law also provides a safe harbor for companies that encrypt personally identifiable information. That escape clause will not be available under the new bill since companies will not be able to encrypt hard copy documents, he said.
As a result, there would be signifcant pressure on companies to pay attention not only to IT security but to physical security, too, he said.
According to the user who did not wish to be named, there already is a quiet lobbying effort under way tostop the bill from being passed.
But because of rising concerns over identity theft the proposed measure will ikely pass muster, Pierson said.
The law adds to a growing number of privacy and identity-theft related regulations being considered or enacted in California.
On July 1, a new privacy law goes into affect that will require commercial Web sites to post privacy notices. Another law, set to go into effect next January, requires companies to provide individuals with a list of all the information that has been collected about them and is being shared with third parties.
Companies unwilling to do so are required to give consumers a clear way of opting out of information sharing.
Read more about Gov't Legislation/Regulation in Computerworld's Gov't Legislation/Regulation Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
Changing the Way Government Works: Four Technology Trends that Drive Down Costs and Increase Productivity
This paper discusses four technology-based approaches to improving processes and increasing
productivity while driving down department and agency costs.
Red Hat Enterprise Linux - The Original Cloud Operating System
Linux adoption is growing against a number of measures, such as the
number of supercomputers that run Linux and the size of the contributing...
- OpenStack Hype vs. Reality: CIO Quick Pulse Open-source architecture can enable IT departments to build infrastructure-as-a-service (IaaS) clouds running on standard hardware.
- Building a Bridge to the Next Generation Data Center Selecting a widely adopted operating system is a foundational component of a standardization strategy.
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Gov't Legislation/Regulation White Papers | Webcasts