Consumer Federation of California

Bill Status: SB 1166 (Simitian) passed the Senate floor on April 15th by a vote of 31 to 5 and the Senate Judiciary Committee by a vote of 4 to 1 on March 23rd, 2010. The bill is scheduled to be heard in the Assembly Judiciary Committee on June 15th.

CFC Position: Support

The Consumer Federation of California supports SB 1166, which is scheduled for an upcoming hearing in the Senate Judiciary Committee on March 23, 2010.

SB 1166 would amend California’s security breach notification law stating that any public agency, person or business required to issue a security breach notification to more than 500 residents must submit the notification electronically to the Attorney General.  This measure also requires that the notification be written in plain language and include contact information regarding the breach, the types of information breached, and the date, estimated date, or date range of the breach.

Additionally, SB 1166 would amend the substitute notice provisions of California’s security breach notification law to require that an entity providing substitute notice also provide notice to the Office of Information Security and Privacy Protection.

California’s current security breach notification law does not require public agencies, businesses, or persons subject to that law to provide any standard set of information about the breach to consumers.  As a result, security breach notification letters often lack important information – such as the time of the breach or type of information that was breached – or are confusing to consumers.

This leaves consumers uncertain about how to respond to the breach or protect themselves from identity theft.  SB 1166 makes relatively modest but helpful changes to the current security breach notification statutes to enhance consumer knowledge about, and understanding of, security breaches.

The Consumer Federation of California urges an AYE vote on SB 1166.