Paper Based Security Breach Bill Advances

By CMTA Staff

Capitol Update, June 22, 2005 Share this on FacebookTweet thisEmail this to a friend

SB 852 (Debra Bowen, D-Marina Del Rey) expands the state’s existing computer breach law to non-computerized information on paper.  Existing law requires businesses and most state government agencies that have a computerized breach to notify the individuals whose information has been "acquired".  SB 852 proposes to expand the state’s computer breach law to information on paper as long as that information matches what is on a computer.

The bill would require businesses and government departments to send out a breach notice to "any resident of California whose personal information was, or is reasonably believed to have been, acquired by an unauthorized person."  The "reasonably believed" standard is of great concern as it does not allow for any flexibility with regard to the trigger for mandatory notice.  If a company has reason to believe that an unauthorized person has acquired information, then a notice must be sent.  There is no flexibility for a business to investigate a given case to determine if a notice is warranted. 

Such an investigation is likely to be necessary in the case of information held on paper. While there are numerous ways that computer programs can determine if a breach has occurred and if information was acquired, the same cannot be said for documents, notes, folders, trash, etc. - all paper-based sources covered by the bill.

CMTA member companies believe that SB 852 should allow for investigations on a case-by-case basis and, if there is no danger of harm, then notices should not have to be sent. Such guidelines would be consistent with federal bank regulators who have guidelines that require notice for breaches of paper information, should an investigation determine that that is warranted.

The bill passed the Assembly Judiciary committee on June 21st.  CMTA will again oppose the bill at its next hearing in the Assembly Business & Professions committee on June 28th.

Read more Regulatory / Legal articles

Capitol updates archive 989898989