A new bill would strengthen California’s data breach notification law by expanding businesses’ obligations to inform their customers in the event of a security incident.
On 21 February, California Attorney General Xavier Becerra and Assembly Member Marc Levine (D-San Rafael) revealed AB 1130. This bill would require businesses to notify customers of a security incident that exposed their passport numbers and/or their biometric information such as a fingerprint or retina image.
This bill builds upon the State’s existing data breach notification law, which requires businesses to inform consumers of the acquisition of their Social Security Number, driver’s license number, credit card number, medical and health insurance information as well as other personal data by an unauthorized individual.