A proposed California law that would have significantly broadened the scope of an existing state identity theft law has been quietly amended in what appears to be a concession to groups opposing it.
Senate Bill 1279 was originally proposed by California Sen. Debra Bowen on February 13. It seeks to widen the scope of an existing California identity theft law that went into effect last July.
Under that law, any company that maintains computerized databases containing certain pieces of personal information about California residents must alert those individuals of any security breach in which unencrypted personal data may have been compromised.
A similar measure was introduced in Congress by California Sen. Dianne Feinstein. Her bill would require companies to notify customers whenever their personal data are compromised through unauthorized access.
Expanding the Reach
Bowen's proposed bill seeks to expand the scope of that legislation. Her measure would make it mandatory for companies to report breaches involving not just computerized data, but data maintained on other media as well, such as voice systems and paper.
Critics had argued against the provision, saying that it would prove extremely hard for companies to comply with because of the vast amount of data that would need to be protected. The proposal would also require companies to exercise an unfeasible level of control over employee activities and workspaces, according to critics.
In what appears to be a response to such concerns, the proposed bill has been amended to once again apply only to computerized data.
Two other important provisions in the proposed bill remain unchanged, however. Companies that suffer a security breach involving personal information still must provide two years of credit-monitoring services, without charge, to each affected individual. The bill also requires credit reporting agencies to let consumers add a password to their credit files, and prospective readers of that report would need to enter the password for access.
The impetus for SB 1279 arose in part from two separate incidents earlier this year, according to a February 17 statement from Bowens' office.
In one incident, Bank of America inadvertently mailed 3800 tax forms containing financial information and Social Security numbers to the wrong individuals. The other incident involved the hacking of a computer in the state Employment Development Department containing personal information for about 90,000 people.
In fact, identity theft continues to climb. The Federal Trade Commission acknowledges in its 2003 report that nearly half of the consumer fraud complaints received are related to identity theft. Online activity is the source of most of those problems, the FTC notes.
This story, "Identity Theft Bill Softened" was originally published by Computerworld.