Security & Fraud

California To Strengthen Data Breach Laws, Close Loopholes

California To Strengthen Data Breach Laws

Lawmakers in California have proposed a new bill that would close some loopholes in data breach notification laws, according to reports.

Attorney General Xavier Becerra said the bill would increase the requirements where companies would have to notify people about stolen information, like their government ID numbers, passports and even biometric data like facial and iris recognition scans, or fingerprints.

The timing of the proposed bill comes after one of the biggest data breaches in history, by the Marriott-owned Starwood hotel chain. Becerra said that breach was the catalyst for the bill.

In September, Starwood revealed that 338 million guests’ data was stolen, including names, addresses, birth dates, email addresses, genders, phone numbers and even credit card info. Five million passport numbers were stolen, too.

By law, Starwood was not required to reveal that passport numbers or biometric data were stolen. California law only requires the disclosure of drivers’ license numbers, Social Security numbers, bank info, passwords, medical info and data collected through plate recognition software.

However, all of that would change under assembly bill 1130, Becerra said.

“We have an opportunity today to make our data breach law stronger, and that’s why we’re moving today to make it more difficult for hackers and cybercriminals to get your private information,” Becerra said. “AB 1130 closes a gap in California law and ensures that our state remains the nation’s leader in data privacy and protection.”

Other states, but not all, require notification of data breaches, including Florida, Oregon and Alabama. Iowa and Nebraska are two of the few states that have biometric data as a requirement for disclosure.

The new bill follows the California Privacy Act by less than a year. That law gave consumers more privacy rights, and parallels the General Data Protection Regulation in Europe. It was passed in June and will go into effect in 2020. The law was met with fierce resistance by tech companies in California, and many lobbied against it, asking for a weaker federal law.


Latest Insights:

Our data and analytics team has developed a number of creative methodologies and frameworks that measure and benchmark the innovation that’s reshaping the payments and commerce ecosystem. The PYMNTS Next-Gen AP Automation Tracker, is a monthly report that highlights the most recent accounts payable developments and automated solutions that are disrupting how businesses process invoices, track spending and earn rebates on transactions.


To Top