California has enacted Senate Bill 24, first introduced in 2001 by Senator Joe Simitian, which strengthens existing state breach notification law. Since 2002, California law has required data holders to notify individuals if their data is breached, but the law did not specify what information should be included in the notification. This new law specifies the information that should be provided, including instructions on how to contact credit agencies. The law also requires that the state Attorney General be notified in the event of a breach. EPIC testified in 2009 before the House Commerce Committee against "federal preemption" in national data breach legislation, citing important legislative innovations to protect consumers that take place in states such as California. For more information, see EPIC: ID Theft.
Share this page:
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.