Monday, October 04, 2010

Schwarzenegger Again Vetoes Amendments to California Data Breach Law

This posting was written by Thomas A. Long, Editor of CCH Privacy Law in Marketing.

Proposed legislation to amend California's data security breach notification law was vetoed by Governor Arnold Schwarzenegger on September 29, 2010.

Senate Bill 1166 would have required any agency, person, or business required to issue a notification under existing law to meet additional requirements regarding that notification.

The legislation would have required security breach notifications to be written in plain language and to contain certain specified information, including contact information regarding the breach, the types of information breached, and, if possible to determine, the date of the breach.

It also would have required notification to the California Attorney General of breaches affecting more than 500 California residents.

Schwarzenegger vetoed an identical bill in 2009.

Veto Statement

In a message to the members of the California Senate, Schwarzenegger said:

“California's landmark law on data breach notification has had many beneficial results. Informing individuals whose personal information was compromised in a breach of what their risks are and what they can do to protect themselves is an important consumer protection benefit. This bill is unnecessary, however, because there is no evidence that there is a problem with the information provided to consumers. Moreover, there is no additional consumer benefit gained by requiring the Attorney General to become a repository of breach notices when this measure does not require the Attorney General to do anything with the notices.

“Since this measure would place additional unnecessary mandates on businesses without a corresponding consumer benefit, I am unable to sign this bill.”

Further information about CCH Privacy Law in Marketing appears here.

No comments: