California Bill Would Add Security Standards to Data Breach Law

A California lawmaker has revived a bill to set a “reasonably prudent” standard for businesses to protect personal consumer data, including geolocation and biometric information, in the final two weeks of the legislative session.

Assemblyman Mike Gatto (D) amended A.B. 83, a bill that has been dormant for a year, setting new standards for businesses to use reasonable security procedures and practices if they hold or maintain personal information.

The amendments became public Aug. 20, and the session ends Aug. 31. The bill passed the Assembly in 2015, so now needs approval in the Senate and agreement from the Assembly on the amendments to reach the desk of Gov. Jerry Brown (D).

Although the bill hasn’t moved since July 2015 and has considered inactive since September 2015, Gatto told Bloomberg BNA Aug. 22 the new amendments reflect a compromise he negotiated for two years with business and privacy groups that still accomplishes his intent to set standards for protecting personal data where none now exist.

“The next frontier is to use facial recognition to track you when you walk into a mall,” he said. “People who store this information should have strong encryption and consumer protections.”

Source: California Bill Would Add Security Standards to Data Breach Law