Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
California Governor, Arnold Schwarzenegger has vetoed a bill that would have updated the state's existing data breach disclosure law.
The move Sunday by Schwarzenegger surprised the author of SB-20, state Democratic Sen. Joe Simitian, who said in a statement that the final version of the bill eliminated any sources of dissent from the insurance and financial services industries.
The new legislation would have built on the landmark 2003 bill, SB-1386, by requiring that breach notification letters also contain specifics around the data-loss incident, including the type of personal information exposed, a description of the incident, and advice on steps to take to protect oneself from identity theft. The law also would have required that organisations that suffer a breach affecting 500 or more people must submit a copy of the alert letter to the state attorney general's office.
But the governor, in a veto notice, said he decided to refuse the bill because there is no proof the additional information required by the legislation would actually help consumers. In addition, Schwarzenegger said he saw no reason why the attorney general's office needed to become a "repository" of data breach notifications.
The bill, though, had no opposition. On Aug. 26, the California Chamber of Commerce withdrew its dissent to the bill on behalf of 13 other entities, including the California Bankers Association, Association of California Insurance Companies and State Farm Insurance. The groups were satisfied with the amended bill, which eliminated a single provision that would have required breached firms to provide victims with an estimated number of total people affected by the incident.
“I'm surprised as well as disappointed by the governor's veto,“ Simitian said. “There was no opposition to the bill in its final form. This was a common sense step to help consumers. No one likes to get the news that personal information about them has been stolen. But when it happens, people are entitled to get the information they need to decide what to do next."
This is not the first time Schwarzenegger has shot down data security legislation. In October 2007, he vetoed the Consumer Data Protection Act, known as AB 779. That law would have set forth data security and breach notification requirements for merchants.See original article on scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.