In a move that surprised everyone (but mostly Senator Joe Simitian, the author of the final version), Governor Schwarzenegger put a veto on a bill meant to update the famous California data breach disclosure law (SB-1386).
As SC Magazine reports, this new legislation was agreed upon even by the insurance and financial services industries. The bill was supposed to prescribe the inclusion of additional information in breach notification letters to customers, such as the description of the incident and the type of the compromised information. It would also have to contain advice on safeguarding oneself against identity theft.
Another provision was directed towards informing the state Attorney General’s office if the breach compromised more than 500 people. And this was the reason (along with the lack of proof that this addition information would be helpful to consumers) that Schwarzenegger offered in his veto notice.
“There is no additional consumer benefit gained by requiring the Attorney General to become a repository of breach notices when this measure does not require the Attorney General to do anything with the notices”, he remarked.