Security & Fraud

California To Strengthen Data Breach Laws, Close Loopholes

California To Strengthen Data Breach Laws

Lawmakers in California have proposed a new bill that would close some loopholes in data breach notification laws, according to reports.

Attorney General Xavier Becerra said the bill would increase the requirements where companies would have to notify people about stolen information, like their government ID numbers, passports and even biometric data like facial and iris recognition scans, or fingerprints.

The timing of the proposed bill comes after one of the biggest data breaches in history, by the Marriott-owned Starwood hotel chain. Becerra said that breach was the catalyst for the bill.

In September, Starwood revealed that 338 million guests’ data was stolen, including names, addresses, birth dates, email addresses, genders, phone numbers and even credit card info. Five million passport numbers were stolen, too.

By law, Starwood was not required to reveal that passport numbers or biometric data were stolen. California law only requires the disclosure of drivers’ license numbers, Social Security numbers, bank info, passwords, medical info and data collected through plate recognition software.

However, all of that would change under assembly bill 1130, Becerra said.

“We have an opportunity today to make our data breach law stronger, and that’s why we’re moving today to make it more difficult for hackers and cybercriminals to get your private information,” Becerra said. “AB 1130 closes a gap in California law and ensures that our state remains the nation’s leader in data privacy and protection.”

Other states, but not all, require notification of data breaches, including Florida, Oregon and Alabama. Iowa and Nebraska are two of the few states that have biometric data as a requirement for disclosure.

The new bill follows the California Privacy Act by less than a year. That law gave consumers more privacy rights, and parallels the General Data Protection Regulation in Europe. It was passed in June and will go into effect in 2020. The law was met with fierce resistance by tech companies in California, and many lobbied against it, asking for a weaker federal law.



About: Accelerating The Real-Time Payments Demand Curve:What Banks Need To Know About What Consumers Want And Need, PYMNTS  examines consumers’ understanding of real-time payments and the methods they use for different types of payments. The report explores consumers’ interest in real-time payments and their willingness to switch to financial institutions that offer such capabilities.