Posted By HIPAA Journal on Feb 22, 2019

Share this text on:

The information Breach notification regulations in California are already one of the vital hardest within the United States, even supposing they might quickly turn into even harder if a brand new invoice is signed into legislation.

Currently, California legislation calls for information breach notifications to be issued to shoppers when there was a breach of economic/banking data, Social Security numbers, medical health insurance data, scientific data, motive force’s license numbers, passwords, and knowledge accumulated thru computerized registration number plate popularity techniques. The new invoice seeks to extend that record to come with Passport Numbers and biometric information corresponding to fingerprints, iris/retina scans, and facial popularity information.

The invoice – AB 1130 – was once presented via Assemblymember Marc Levine (D-San Rafael) and seeks to shut a loophole within the present information breach notification legislation which might see breaches of extremely delicate data cross unreported.

The large information breach at Marriott in 2018 precipitated the invoice. A database containing the delicate data of visitors of the Starwood Hotels chain was once stolen, ensuing within the robbery of visitors’ names, addresses, and greater than 25 million passport numbers. In general, the non-public data of 327 million visitors was once stolen via cybercriminals.

Current information breach notification regulations in California would have allowed the sort of breach of passport numbers to cross unreported and shoppers wouldn’t have wanted to be notified. While Marriott did factor notifications, different firms would possibly not had been so imminent about the sort of breach.

“Knowledge is power, and all Californians deserve the power to take action if their passport numbers or biometric data have been accessed without authorization,” mentioned Attorney General Xavier Bercerra. “AB 1130 closes a gap in California law and ensures that our state remains the nation’s leader in data privacy and protection.”

If the invoice is handed, California will sign up for Alabama, Florida, and Oregon in requiring breach notifications to be issued for breaches of passport numbers and states corresponding to Iowa and Nebraska, which already require breach notifications to be issued for the publicity of biometric information.