New Legislation Builds on California Data Breach Law

This bill requires businesses to notify consumers of compromised passport numbers and biometric data.

Dark Reading Staff, Dark Reading

February 22, 2019

1 Min Read
Dark Reading logo in a gray background | Dark Reading

California Attorney General Xavier Becerra and Assemblymember Marc Levine this week unveiled legislation to close a loophole in the state's existing data breach notification laws.

AB 1130, introduced by Levine, requires breached organizations to notify consumers if their passport number or biometric data is exposed. Becerra said this bill "closes a gap in California law and ensures that our state remains the nation's leader in data privacy and protection."

California became the first state to pass a data breach notification law in 2003, when it mandated companies inform consumers when they believe an unauthorized party has accessed their information. At the time, this personal data was limited to Social Security numbers, driver's license numbers, credit card numbers, and medical and health insurance data.

Legislation introduced this week will update the law to include passport numbers and biometric data, such as a fingerprint or retina/iris scan, as information protected under the statute.

The addition was prompted by the 2018 breach of Starwood Hotels' guest database. Marriott, which had acquired the company, revealed the incident had exposed more than 327 million records containing travelers' names, addresses, and more than 25 million passport numbers. California officials note how passport numbers are unique, government-issued, static identifiers, making them especially appealing to cybercriminals. Indeed, passport scans are hot on the Dark Web.

Read more details here.

INT19-Logo-HorizDates-3035.png

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights