BILL ANALYSIS



                                                                       AB 964


                                                                      Page  1





          ASSEMBLY THIRD READING


          AB 964 (Chau)


          As Amended  May 28, 2015


          Majority vote


           ----------------------------------------------------------------- 
          |Committee       |Votes |Ayes                |Noes                |
          |                |      |                    |                    |
          |                |      |                    |                    |
          |----------------+------+--------------------+--------------------|
          |Privacy         |7-1   |Gatto, Calderon,    |Wilk                |
          |                |      |Chau, Cooper,       |                    |
          |                |      |Dababneh, Gordon,   |                    |
          |                |      |Low                 |                    |
          |                |      |                    |                    |
          |----------------+------+--------------------+--------------------|
          |Appropriations  |11-4  |Gomez, Bloom,       |Bigelow, Chang,     |
          |                |      |Bonta, Calderon,    |Gallagher, Wagner   |
          |                |      |Eggman, Eduardo     |                    |
          |                |      |Garcia, Holden,     |                    |
          |                |      |Quirk, Rendon,      |                    |
          |                |      |Weber, Wood         |                    |
          |                |      |                    |                    |
          |                |      |                    |                    |
           ----------------------------------------------------------------- 


          SUMMARY:  Defines, for purposes of the existing data breach  
          notification requirements for businesses and public agencies, the  
          term "encrypted" to mean "rendered unusable, unreadable, or  
          indecipherable to an unauthorized person through a security
          technology or methodology generally accepted in the field of
          information security."

          FISCAL EFFECT:  According to the Assembly Appropriations
          Committee, there is a negligible fiscal impact. 


          COMMENTS:  


          1)Data breaches are a fast-growing threat.  2014 was a  
            record-setting year in terms of the number of security breaches  
            reported.  According to a January 2015 report by the California  
            Attorney General's Office, 187 breaches were reported to the  
            California Department of Justice in 2014, compared to 167 in  
            2013 and 131 in 2012.

            According to the Identity Theft Resource Center, there were 783
            data breaches reported nationwide in 2014 - a 27.5% increase  
            over the previous year.  The Privacy Rights Clearinghouse  
            reports that more than 815 million records have been compromised  
            in more than 4,489 publicly acknowledged data breaches since  
            2005.


          2)Related legislation.  AB 83 (Gatto) of the current legislative  
            session requires businesses that own or maintain personal  
            information to secure that data to the extent that any  
            "reasonably prudent business" would provide, and specifies  
            certain requirements and considerations that must be part of any  
            reasonable security procedures and practices.  AB 83 is pending  
            in the Senate Judiciary Committee.

            AB 259 (Dababneh) of the current legislative session requires a
            public agency that is the source of a data breach to offer at  
            least 12 months of identity-theft prevention and mitigation  
            services at no cost to affected consumers.  AB 259 is pending on  
            the suspense file in the Assembly Appropriations Committee.


            SB 34 (Hill) of the current legislative session amends the Data  
            Breach Notification Law to add to the definition of "personal
            information" any information or data collected through the use
            or operation of an automated license plate recognition system.   
            SB 34 is pending in the Assembly Transportation Committee.  


            SB 570 (Jackson) of the current legislative session amends the  
            Data Breach Notification Law to revise the language of the  
            breach notification itself to make it clearer and more  
            conspicuous.  SB 570 is pending on the Senate Floor. 


          3)Prior legislation.  AB 1710 (Dickinson), Chapter 855, Statutes
            of 2014, required, among other things, businesses that
            maintain, own or license the personal information of California
            residents to use reasonable and appropriate security measures to
            protect the information.

            AB 1950 (Wiggins), Chapter 877, Statutes of 2004, required a
            business that owns or licenses personal information about a  
            California resident to implement and maintain reasonable  
            security procedures and practices to protect personal  
            information from unauthorized access, destruction, use,  
            modification, or disclosure.  


            SB 1386 (Peace), Chapter 915, Statutes of 2002, enacted  
            California's Data Breach Notification Law.




          Analysis Prepared by:  Hank Dempsey / P. & C.P. / (916) 319-2200
          FN:  0000549













