Calif. Senate Judiciary Clears Data Broker, Breach Notification Bills
The California Senate Judiciary Committee supported data broker and breach notification bills at a late Tuesday hearing. The panel cleared SB-361, which adds requirements to the California Delete Act. And it approved SB-446, a data breach bill adding specific deadlines to the state’s notification law.
Sign up for a free preview to unlock the rest of this article
The Judiciary Committee voted 13-0 for a consent agenda that included SB-361 by Sen. Josh Becker (D). Consumer Reports and Privacy Rights Clearinghouse last week supported the bill, which would amend the California Delete Act to require disclosure of more types of personal information (see 2503260047). The bill adds several categories, including account log-in credentials, immigration status, sexual orientation and biometric data.
In addition, Judiciary members voted 12-0 for SB-446, forwarding the data breach notification bill to the Appropriations Committee. California’s current notification law doesn’t specify a deadline for notifications, but the bill by Sen. Melissa Hurtado (D) would require disclosures to California residents with 30 days of discovery or notification of a breach, plus a notice to the state attorney general within 15 days.
As amended by the committee, a business or individual could delay disclosure for legitimate law enforcement needs or “as necessary to determine the scope of the breach and restore the reasonable integrity of the data system,” said a committee analysis.
Hurtado told the committee she agrees with industry concerns that 15 days isn’t enough time to notify the AG. She said she’s working with industry on that issue.