Posted by Dan Morrill

What happens in California usually ends up impacting companies doing business in California, and the new Data Breach bill looks like it could be another HB 1386 in terms of impact.

The Data Breach Notification Bill, Assembly Bill 779, was approved Tuesday by the state Assembly Judiciary Committee with an 8-2 vote. The bill, authored by committee chairman Assemblyman Dave Jones (D-Sacramento), seeks to improve data security by requiring accountability and reimbursement of affected parties if a data breach occurs. Source: BizJournals

The idea of the bill is to notify and pay restitution for a company doing business in California if California residents are involved in a data breach.

While companies and information security people have been working with HB 1386, adding the AB 779 to the process changes the language substantially and makes it much more apparent what is public and what is private data.

The greatest impact will probably be on transaction clearning houses, credit card processors, and systems that retain data in violation of the CISP standards like some cash registers, payment processing systems, and other affiliated systems.

It makes for some very interesting reading, you can read the guts of the law here. It will be interesting to see how companies in California respond to this and to see if a lobbyist company or group will try to kill this one off.

Comments

About the Author: Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community.