California Passes Updated Data Breach Legislation

California has enacted Senate Bill 24, first introduced in 2001 by Senator Joe Simitian, which strengthens existing state breach notification law. Since 2002, California law has required data holders to notify individuals if their data is breached, but the law did not specify what information should be included in the notification. This new law specifies the information that should be provided, including instructions on how to contact credit agencies. The law also requires that the state Attorney General be notified in the event of a breach. EPIC testified in 2009 before the House Commerce Committee against "federal preemption" in national data breach legislation, citing important legislative innovations to protect consumers that take place in states such as California. For more information, see EPIC: ID Theft.


« Federal Appeals Court Holds Individuals Have a Right to Record Public Officials | Main | Citing Unreliability, Germany Rejects Airport Body Scanners »

Share this page:

Defend Privacy. Support EPIC.
EPIC Mueller Report book
US Needs a Data Protection Agency