Notification of Risk to Personal Data Act

today the california senate bill SB 1386 went into effect. the bill (now law) makes businesses that store customer information responsible for safeguarding that information from criminals. the law states that if customers' personal information (credit card numbers, names, social security numbers, etc.) that is stored on a computer is acquired by unauthorized persons (criminals), then the company in question is responsible for notifying those customers that their information was stolen.

this all seems like common sense to me. if you are a business and i give you my personal information you are responsible for making sure it doesn’t get stolen or used improperly, and certainly if it does get stolen you should tell me about it. the problem is that most businesses don’t want to embarrass themselves, or gain the bad P.R. that would come from admitting you lost your customer’s information. so instead of admitting they have lost personal information they usually just cover it up, which of course hurts the consumers involved, and leaves no incentive for the companies to actually enact preventative measures, so that it doesn’t happen again.

now with this law companies better beef up security and protect my information, otherwise they will get caught with their pants down, and everyone will know about it.

i first saw this story in the P.D. and what was most shocking was that california is the only state to have such a law. that may soon change though, as U.S. Sen. Dianne Feinstein (D-Calif.) introduced similar legislation to the U.S. Senate a few days ago [press release], which she is titling the Notification of Risk to Personal Data Act. the bill (S 1350) is similar to the california bill, and would apply to any company involved in interstate commerce, and as most federal laws do, would supersede any inconsistent state laws.

i can see why businesses or people with business ties would fight this law, i mean it is just bad marketing to announce to everyone that you lost a bunch of sensitive data, but i would have to say tough to those people because this law makes sense, and companies have a responsibility to their customers to inform them of this kind of crime against them.
