California Privacy Advocates Urge Defeat Of Federal Data Breach Notice Bill

SACRAMENTO, Calif., April 14, 2015 /PRNewswire-USNewswire/ — Six California privacy and consumer groups have called on members of the U.S. House Energy and Commerce Committee to oppose federal legislation that would wipe out California’s landmark data breach notification laws. The House Committee may hear the Data Security and Breach Notification Act of 2015 as early as Wednesday, April 15. California Congress members on the House committee are Lois Capps, Tony Cardenas, Anna Eshoo, Doris Matsui and Jerry McNerney. Privacy Rights Clearinghouse, Consumer Federation of California, Consumer Watchdog, World Privacy Forum, The Utility Reform Network (TURN), and Consumer Action are urging the members of Congress to defeat the proposed federal bill.

California was the first state to implement a data breach notice law in 2003, and has since amended the law several times to address changing threats. It is among the strongest such laws in the country, and offers Californians significant consumer protections. It has served as a model for legislation enacted on dozens of states. The inadequate standards of the federal Data Security and Breach Notification Act of 2015 would preempt and replace the more protective state breach notice laws.

Consumer rights advocates point out that the proposed federal legislation:

  • Contains a significantly narrower definition of personal information than existing California law, eliminating several categories of personally identifiable data, including certain sensitive medical and health insurance information.
  • Ties a breach notification to a breached business’ subjective guess work regarding possible financial harm, rather than California’s requirement of a consumer notice whenever records are likely acquired by unauthorized people.
  • Eliminates the California requirement that a breached entity provide notice to the California Attorney General.
  • Strips California security breach victims of the right to sue to recover damages.
  • Removes a California requirement for breached entities to provide identity theft prevention and mitigation services to residents whose private information is hacked or exposed.

Privacy advocates sent identical letters to Congress members Capps, Cardenas, Eshoo, Matsui and McNerney.