BILL ANALYSIS �Ó
AB 1710
Page 1
CONCURRENCE IN SENATE AMENDMENTS
AB 1710 (Dickinson and Wieckowski)
As Amended August 19, 2014
Majority vote
-----------------------------------------------------------------
|ASSEMBLY: |43-25|(May 27, 2014) |SENATE: |24-10|(August 21, |
| | | | | |2014) |
-----------------------------------------------------------------
Original Committee Reference: JUD.
SUMMARY : Enhances privacy protections for sensitive personal
information. Specifically, this bill :
1)Provides that existing personal information data security
obligations apply to businesses that maintain personal
information, in addition to those who own or license the
information.
2)Provides that if the person or business providing the
notification was the source of the breach, an offer to provide
appropriate identity theft prevention and mitigation services,
if any, shall be provided at no cost to the affected person
for not less than 12 months, along with all information
necessary to take advantage of the offer to any person whose
information was or may have been breached if the breach
exposed or may have exposed two kinds of personal information:
social security numbers (SSNs) and driver's license numbers.
3)Provides that a person or entity may not sell, advertise for
sale, or offer to sell an individual's social security number,
except as permitted.
The Senate amendments substantially narrow this bill by deleting
the encryption requirement and limiting or deleting other
provisions.
FISCAL EFFECT : None
COMMENTS : The authors explain that this bill is the result of a
joint oversight hearing of the Assembly Judiciary and Banking
and Finance Committees regarding the massive recent consumer
information data breaches by Target, Neiman Marcus and other
retailers.
�
AB 1710
Page 2
Retail data breaches of sensitive personal information continue
to be a widespread and persistent problem, as shown by the
recent large incidents at Target and Neiman Marcus stores
involving the loss of over 110 million credit and debit card
numbers and other consumer records. According to a Javelin
Strategy and Research report, credit card fraud has increased as
much as 87% since 2010, culminating in aggregate losses of $6
billion nationwide.
According to many analysts, future data breaches may be
inevitable. Sometimes these breaches are caused or exacerbated
by carelessness. According to the 2014 Verizon Data Breach
Investigations Report, two out of three breaches last year were
accomplished simply by logging in using lost or stolen
credentials. In other cases, companies are the victims of
sophisticated and elaborate attacks. In either case, however,
these breaches impose significant costs and risks for consumer
and financial services companies, among others. This bill would
enact rules designed to improve security, enhance consumer
notification, and limit consumer harms when a breach does occur.
Analysis Prepared by : Kevin G. Baker / JUD. / (916) 319-2334
FN: 0005273