BILL ANALYSIS �Ó
AB 964
Page 1
CONCURRENCE IN SENATE AMENDMENTS
AB
964 (Chau)
As Amended September 1, 2015
Majority vote
--------------------------------------------------------------------
|ASSEMBLY: |69-7 |(June 03, |SENATE: |27-11 |(September 3, |
| | |2015) | | |2015) |
| | | | | | |
| | | | | | |
--------------------------------------------------------------------
Original Committee Reference: P. & C.P.
SUMMARY: Defines the word "encrypted" as used in California's
Data Breach Notification Law to mean rendered unusable,
unreadable, or indecipherable to an unauthorized person through
a security technology or methodology generally accepted in the
field of information security. Specifically, this bill:
1)Defines, for purposes of the existing data breach notification
requirements for businesses and public agencies, the term
"encrypted" to mean "rendered unusable, unreadable, or
indecipherable to an unauthorized person through a security
technology or methodology generally accepted in the field of
information security."
2)Makes other technical or non-substantive changes.
�
AB 964
Page 2
The Senate amendments add double-jointing language to avoid
chaptering conflicts with SB 570 (Jackson) and SB 34 (Hill) of
the current legislative session.
FISCAL EFFECT: None. This bill is keyed non-fiscal by the
Legislative Counsel.
COMMENTS: This bill is simply intended to clarify the state's
existing data breach notification law for private businesses and
public agencies that hold unencrypted personal information by
providing a definition for what encryption actually means.
2014 was a record-setting year in terms of the number of
security breaches reported. According to a January 2015 report
by the California Attorney General's Office, 187 breaches were
reported to the California Department of Justice in 2014,
compared to 167 in 2013 and 131 in 2012. According to the
Identity Theft Resource Center, there were 783 data breaches
reported nationwide in 2014 - a 27.5% increase over the previous
year. The Privacy Rights Clearinghouse reports that more than
815 million records have been compromised in more than 4,489
publicly acknowledged data breaches since 2005.
Analysis Prepared by:
Hank Dempsey / P. & C.P. / (916) 319-2200 FN:
0002010