Data Breach. Privacy.
Anyone who closely follows the news has heard the term “data breach” all too often in recent months. A violation of ones privacy rights. There is little doubt that these “breaches” of consumer’s personally identifiable information (PII) via the nation’s retailers are becoming a serious threat to consumers.
This problem has hit California particularly hard over the past year, so much so that some have begun referring to 2014 as “the year of the data breach.” California legislators have taken notice. In the wake of this epidemic, the State has proposed two bills designed to educate consumers and keep retailers accountable for safeguarding personal information.
One bill proposed by State Senator Hannah-Beth Jackson, of California’s 19th district, is SB-570. The bill seeks to simplify and standardize the manner in which consumers are informed of any data breach. The bill requires notification of a data breach to be detailed, in a simple to read one-page document headlined “Notice of Data Breach,” with a predefined format containing the following information:
- “What Happened”
- “What Information Was Involved”
- “What Are We (retailer) Doing”
- “What You Can Do”
- “For More Information”
A second bill dealing with this issue is AB 964, sponsored by Assembly Member Ed Chau, of California’s 49th Assembly District. Among other things, this bill seeks to define the term “encryption” when used by businesses. The bill defines encryption as “rendered unusable, unreadable, or indecipherable through a security technology or methodology generally accepted in the field of information security.”
At the present time data breach statutes in the state of California fall under the umbrella of the Customer Records Act, which specifies that companies “must implement and maintain reasonable security procedures and practices,” in regards to customer’s Personally Identifiable Information, and notify the customer of breaches without “unreasonable delay.”
Will these pending Senate and Assembly bills do anything to stem the tide of personal data breaches? While these proposed bills may tighten up procedures and language concerning how businesses handle notification of data breaches, they don’t specifically create a solution to the crime itself. Sadly, with hackers becoming more sophisticated, companies becoming less careful in how they handle our PII and our privacy, and consumers becoming more careless with their own private information, eradicating these crimes altogether may be a long and tedious battle.
So what can consumers do?
Right or wrong, the brunt of the responsibility falls on you, as usual. Shopping with credit and debit cards, while very convenient, opens you up to some risk. You must take proactive steps to protect yourself and you must be vigilant when it comes to your finances. Read here for some simple common sense tips to avoid data breaches: http://www.usatoday.com/story/money/business/2014/09/21/5-ways-to-protect-yourself-from-data-breaches/15953321/
Remember, the first line of protection is always you. Stay involved, stay alert and stay informed. ‘
Until next time, I’m Attorney Francine Ward helping you protect what’s yours. Join my conversation on Law Facebook, Esteemable Acts Facebook Fan Page, Law Twitter, Esteemableacts Twitter, or in one of my LinkedIn groups, Google+ Circles.