California Privacy Advocates Urge Defeat of Federal Data Breach Notice Bill

Tuesday, April 14, 2015

InfosecIsland News

Ffc4103a877b409fd8d6da8f854f617e

Six California privacy and consumer groups have called on members of the US House Energy and Commerce Committee to oppose federal legislation that would wipe out California's landmark data breach notification laws. The House Committee may hear the Data Security and Breach Notification Act of 2015 as early as Wednesday, April 15. California Congress members on the House committee are Lois CappsTony CardenasAnna EshooDoris Matsui and Jerry McNerney. Privacy Rights Clearinghouse, Consumer Federation of California, Consumer Watchdog, World Privacy Forum, The Utility Reform Network (TURN), and Consumer Action are urging the members of Congress to defeat the proposed federal bill.

California was the first state to implement a data breach notice law in 2003, and has since amended the law several times to address changing threats. It is among the strongest such laws in the country, and offers Californians significant consumer protections. It has served as a model for legislation enacted on dozens of states. The inadequate standards of the federal Data Security and Breach Notification Act of 2015 would preempt and replace the more protective state breach notice laws.

Consumer rights advocates point out that the proposed federal legislation:

  • Contains a significantly narrower definition of personal information than existingCalifornia law, eliminating several categories of personally identifiable data, including certain sensitive medical and health insurance information.
  • Ties a breach notification to a breached business' subjective guess work regarding possible financial harm, rather than California's requirement of a consumer notice whenever records are likely acquired by unauthorized people.
  • Eliminates the California requirement that a breached entity provide notice to theCalifornia Attorney General.
  • Strips California security breach victims of the right to sue to recover damages.
  • Removes a California requirement for breached entities to provide identity theft prevention and mitigation services to residents whose private information is hacked or exposed.

SOURCE Consumer Federation of California

Possibly Related Articles:
6389
Privacy California data breach notice law
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.