We have a right to information on data security breaches

David Lazarus writes:

Sam Greyson was surprised to receive a new credit card the other day from Bank of America. He was also surprised to learn that the bank had changed his account number because of a security breach involving another business.

But the thing that surprised Greyson most was that when he called BofA to find out more about the breach, he was essentially told to pound sand.

“They wouldn’t tell us anything,” he said. “They said we could read about it in the newspaper.”

That would change if legislation now making its way through Sacramento becomes law. The bill from state Sen. Joe Simitian (D-Palo Alto) would tighten California’s existing breach-notification rules to require more detailed disclosure of privacy violations.

The legislation, SB 24, passed the Senate in April and is now under consideration in the Assembly.

Read more in the Los Angeles Times.

When I saw the headline, I thought David would be talking about bills in Congress on breach notification, but he’s talking state law. Even if SB 24 passes in California, will Congress ensure that any federal law is at least as strong as the strongest state law? If it’s not, we all lose.

About the author: Dissent