Identity theft prevention AB 1149 requires notification of data breaches (signed into law)

Governor Brown signed CFC-supported AB 1149 (Campos) on September 27, a bill to help stop identity theft by requiring all local government agencies to notify their workers and constituents if their electronic data has been hacked, as the state and the private sector are required to do.

Even though California law requires businesses and state agencies that keep, maintain, or lease computerized data containing personal information to notify individuals if a security breach occurs, local agencies have not been covered, leaving a weakness in consumer protection.

Without notification, consumers cannot take action to prevent or discover any fraud or identity theft that might result from the breach. Moreover, consumers have an intrinsic right to know about a possible invasion of their privacy.

Assemblymember Nora Campos contended that without such a law, there’s a patchwork of local policies – or no local policies at all – on disclosing information leaks. “People have the right to know if their personal information has been stolen so they can take appropriate steps to prevent further theft…This is a public duty.”

By extending the existing requirements to include local agencies, AB 1149 strengthens the state’s consumer protections and ensures that consumers can continue to trust their personal information to California’s local agencies.

Supporters of AB 1149 include:

  • Consumer Federation of California
  • California Federation of Teachers
  • Glendale City Employees Association
  • Privacy Rights Clearinghouse
  • San Bernardino Public Employees Association
  • San Luis Obispo County Employees Association
  • Santa Rosa City Employees Association
  • California Cable and Telecommunications Association
  • American Civil Liberties Union of California
  • Organization of Sacramento Municipal Utilities District Employees