BILL ANALYSIS Ó AB 1710 Page 1 CONCURRENCE IN SENATE AMENDMENTS AB 1710 (Dickinson and Wieckowski) As Amended August 19, 2014 Majority vote ----------------------------------------------------------------- |ASSEMBLY: |43-25|(May 27, 2014) |SENATE: |24-10|(August 21, | | | | | | |2014) | ----------------------------------------------------------------- Original Committee Reference: JUD. SUMMARY : Enhances privacy protections for sensitive personal information. Specifically, this bill : 1)Provides that existing personal information data security obligations apply to businesses that maintain personal information, in addition to those who own or license the information. 2)Provides that if the person or business providing the notification was the source of the breach, an offer to provide appropriate identity theft prevention and mitigation services, if any, shall be provided at no cost to the affected person for not less than 12 months, along with all information necessary to take advantage of the offer to any person whose information was or may have been breached if the breach exposed or may have exposed two kinds of personal information: social security numbers (SSNs) and driver's license numbers. 3)Provides that a person or entity may not sell, advertise for sale, or offer to sell an individual's social security number, except as permitted. The Senate amendments substantially narrow this bill by deleting the encryption requirement and limiting or deleting other provisions. FISCAL EFFECT : None COMMENTS : The authors explain that this bill is the result of a joint oversight hearing of the Assembly Judiciary and Banking and Finance Committees regarding the massive recent consumer information data breaches by Target, Neiman Marcus and other retailers. AB 1710 Page 2 Retail data breaches of sensitive personal information continue to be a widespread and persistent problem, as shown by the recent large incidents at Target and Neiman Marcus stores involving the loss of over 110 million credit and debit card numbers and other consumer records. According to a Javelin Strategy and Research report, credit card fraud has increased as much as 87% since 2010, culminating in aggregate losses of $6 billion nationwide. According to many analysts, future data breaches may be inevitable. Sometimes these breaches are caused or exacerbated by carelessness. According to the 2014 Verizon Data Breach Investigations Report, two out of three breaches last year were accomplished simply by logging in using lost or stolen credentials. In other cases, companies are the victims of sophisticated and elaborate attacks. In either case, however, these breaches impose significant costs and risks for consumer and financial services companies, among others. This bill would enact rules designed to improve security, enhance consumer notification, and limit consumer harms when a breach does occur. Analysis Prepared by : Kevin G. Baker / JUD. / (916) 319-2334 FN: 0005273