AG Becerra, Assemb. Levine Announce Legislation to Strengthen Data Breach Notification Law
Articles,  Blog

AG Becerra, Assemb. Levine Announce Legislation to Strengthen Data Breach Notification Law


okay good afternoon thank you for being
here today in San Francisco I am thrilled to be joined by assembly member
Mark Levine who has been a not only a champion on some of these privacy issues
but it’s it’s a it’s a great working relationship with his team and my team
to be able to work on some of these issues that are important for all
consumers in California when it comes to their privacy so let’s get to this last
year the California State Assembly where the help of Assemblymember Levine passed
landmark legislation along with the state Senate providing Californians with
a greater level of internet protection than any other place in America in fact
almost any other place in the world and that California consumer Privacy Act is
now law the Department of Justice is in the process of doing everything we can
to solicit comment and information so we can prepare regulations for the
implementation of that law and we will be able to say in California as we’ve
been able to say on so many other occasions that we are the leaders we are
at the forefront of protecting the rights of the people of this country who
live in the state of California that’s something that we take pride in being
able to say that we work hard to be forward-leaning and to make sure that
our people have every opportunity to do the best they can for their families and
for our state and certainly that helps our country we’ve been a leader in
protecting people’s precious personal data for decades we have some of the
most robust privacy laws in the nation back in 2003 we were the first in the
nation to try to protect Americans in California when there had been a breach
by some Proctor into a company’s data that would cause the disclosure of a
consumers personal information that legislation provided protections for
Californians it said that if a company suffered a breach that come
but he had to notify you if your personal data had been disclosed 2003 to
date the United States government hasn’t done nothing to protect Americans in the
same way there have been other states who have joined California in trying to
provide that type of protection but California continues to be the leader
when it comes to protecting individual’s privacy so should surprise no one that
today I’m standing here with Assemblymember Levine to talk about how
we’re actually now planning to try to improve on that 2003 law we’ve learned a
few things over the years we’ve seen what’s happened with some of these
breaches and we have more information now to help guide us and I want to thank
Assemblymember Levine for the work that he’s been doing on these issues it takes
a lot of vigilance and a lot of persistence it’s an evolving area of the
law and we need people who are on top of it I would say that what reminds of
Californians of how important this is are the instances when their privacy is
not protected if I were to mention the uber incident where 57 million users of
uber had their private information disclosed in a day data breach that
might trigger your memory of why it is important that we have some way to
protect what we give to these companies we reach their historic settlement with
uber a few months back we secured 148 million dollars in a nationwide
settlement to resolve that breach that occurred with ubers customers the
difficulty here is that if you recall uber not only failed to report to
Californians that breach in a timely way it also actually tried to pay the
hackers to cover up the breach that’s where you end up having to pay
148 million dollars for what you did we have an opportunity today to make that
data breach law stronger and that’s why we’re moving today to try to make it
more difficult for those hackers and those cyber criminals to not win in this
game of getting your private information as we know California law requires
companies to notify any California resident whose personal information has
been compromised the bill we’re introducing today adds as I mentioned a
couple of categories of personal information that will gain that same
level of protection government-issued ID numbers which are already part of it
will now include passports passport cards and green cards biometric
information your fingerprints retina scans the type of bio from it
information biometric information that’s being used more and more that will also
now get coverage if this measure becomes law you may recall the Starwood Hotels
breach that occurred not long ago Starwood now be known by Marriott that
breach last year underscores the importance of protecting passport
numbers Starwood Hotel suffered a massive data breach of its guests
database some 327 million records containing a guests name address phone
number date of birth gender passport numbers and more the company has
confirmed that more than five million of their guests unencrypted passport
numbers were stolen current law of course doesn’t include those passport
numbers under protections and so if it had only been passport information
Starwood Hotel would not have had to report that data breach information to
those five million customers who had their passport numbers disclosed these
passport numbers are valuable to criminals especially those who seek to
build fake profiles and commit sophisticated
identity theft and fraud this bill would close that loophole and extend that
protection to those people who deserve it and it is a simple but essential
additional move to perfect our data breach law we hope that this is a
legislation that will swiftly pass in the legislature and get the approval of
the governor and we hope then that we can further secure Californians personal
information for their own personal use not for some fraudsters use with that
let me ask Assemblymember of Lavine for his remarks thank you very much Attorney
General Becerra good afternoon my name is Assemblymember Mark Levine I’m proud
to represent California’s 10th Assembly District which includes Marin and
Southern Sonoma County’s Attorney General visera thank you for standing
with me today to protect Californians from data breaches your leadership has
been outstanding and I am grateful to have you as a partner with a be 11:30
there is a real danger when our personal information is not protected by those we
trust while sharing some personal identifying information can make travel
and e-commerce more convenient as we have seen from numerous media reports
data breaches are becoming all too common an occurrence in our nation
according to privacy rights Clearing House since 2005 over 9,000 data
breaches have been reported in the United States alone impacting over
eleven point five billion records to highlight just a few personal data
breaches over the past eight years a stroll down memory lane if people
haven’t remembered or if they’ve forgotten in 2011 Sony’s PlayStation
Network was hacked comprising compromising the personal information of
77 million gamers in 2013 the retail chain target was hacked compromising the
personal information of 110 million customers in 2014
Internet Retailer eBay was hacked compromising the personal information of
145 million customers in 2017 the credit monitoring company Equifax was hacked
compromising the personal information of 143 million customers and in 2018 the
hotel chain Marriott was hacked compromising 327 million customers
information including passport numbers for millions of them while some in
Washington feign a crisis at our southern border no wall no matter how
tall would have protected the 327 million customers from having their
personal information some including passport numbers stolen by hackers
during the 2018 Marriott breach America doesn’t need a wall at our southern
border what America needs is a firewall to protect American consumers from
identity theft and fraud hacking of passport information on personal or
personal biometric data is especially dangerous in the hands of those who seek
to commit harm including drug cartels seeking to smuggle illegal drugs and
weapons in the United States through our ports of entry businesses must do more
to protect personal data and I am proud to stand with attorney general Becerra
in demanding greater disclosure by a company when a data breach has occurred
a B 1130 will close a loophole in the state’s existing data breach
notification law by requiring businesses to notify consumers of compromised
passport numbers and biometric information in 2003 California became
the first state to pass a data breach law requiring companies to disclose
breaches of personal information to California consumers whose personal
information was or is reasonably believed to have been acquired by an
unauthorized person this personal information includes identifiers such as
a person’s social security number driver’s licenses credit card number and
medical and health insurance information a B 1130 would update that law to
include passport numbers as personal information protected
or the statute passport numbers are unique government-issued static
identifier of a person which makes them valuable to criminals seeking to create
or build fake profiles and commit sophisticated identity theft consumer
fraud or immigration fraud this bill would also update the statute to include
protections for a person’s unique biometric information such as a
fingerprint retina or iris image we must all do more to protect Americans from
identity theft and the business the businesses we patronize must do more to
protect our personal information a B 1130 is an important step toward
protecting personal and biometric data thank you again
Attorney General Becerra for your leadership I look forward to working
with you my legislative colleagues and governor Newsom this year to make sure
it becomes law thank you

Leave a Reply

Your email address will not be published. Required fields are marked *