![]() |
| California pioneered laws around data breach disclosure with SB-1386, requiring that companies inform consumers when their data has been compromised. Now, state senator Joe Simitian wants to update the law with SB-20. The primary change is greater specificity around what information must be included in the notifications, and a requirement that breaches of a certain size generate notification to the state attorney general. While these are largely good changes, I still think the law misses the one question that most consumers really want answered when their data has been compromised: What should I do about it? Of course, that's a hard question to answer, so it's not surprising that it hasn't been adequately tackled. |
