FRAMINGHAM (03/17/2004) - Companies concerned about potential liability issues raised by California's identity-theft law may have a whole lot more to worry about if a recently proposed piece of similar legislation is passed.
The proposed ID-theft law, which has managed to remain below the radar of many companies for some time now, is called Senate Bill 1279 and was introduced by California Sen. Debra Bowen on Feb. 13.
The proposed bill seeks to toughen and broaden the scope of legislation already in place.
Under that law, put into place last year, any company that maintains computerized databases containing certain personal information about California residents is obligated to inform those individuals of any security breach in which unencrypted personal data may have been compromised.
SB 1279 seeks to widen the definition of breachable data to include all data, rather than only computerized data. Under SB 1279, any personal data maintained on voice systems or on paper would be covered by the same provisions that currently apply only to computerized data.
The bill would also require companies that suffer a security breach involving personal information to provide two years of credit-monitoring services, without charge, to each affected individual.
"As you might guess, this bill would significantly impact organizations already concerned about SB 1386," said a security analyst at a large financial services organization with operations in California who asked not to be named.
"It would have some real serious operational implications for affected companies," the user said. For one thing, the potential costs of paying for credit-monitoring services for individuals whose personal information may have been compromised is huge. Broadening the definition of breachable data also makes the task of protecting it "monumentally" difficult, he said.
"So naturally, from a practioner's perspective, none of us are thrilled about it," he said.
The user said there already is a quiet lobbying effort to stop the bill from being passed.