Skip to content

FOR IMMEDIATE RELEASE                  
October 11, 2009
For More Information, Contact:
Melissa Figueroa (916) 651-4011


SACRAMENTO - Today Governor Schwarzenegger vetoed State Senator Joe Simitian’s (D-Palo Alto) Senate Bill 20. The bill would have strengthened and updated California’s landmark privacy protection law that requires businesses and state agencies to notify residents when sensitive personal information is lost or stolen from their databases.

“I’m surprised as well as disappointed by the Governor’s veto,” said Simitian. “There was no opposition to the bill in its final form.  This was a common sense step to help consumers.”

SB 20 would have upgraded previous legislation authored by Simitian, AB 700 (2002), which required any business or state agency that loses unencrypted personal information to send a security breach notification letter to consumers whose privacy was compromised. The new bill would have required that consumers be given specific information designed to help victims safeguard their privacy. This included the type of personal information exposed, a description of the incident, and when it took place.

“No one likes to get the news that personal information about them has been stolen,” said Simitian. “But when it happens, people are entitled to get the information they need to decide what to do next. This bill would have made one of California’s key consumer protections even better.”

Senate Bill 20 also required that a data holder submit a copy of the notification letter to the state Attorney General’s office if more than 500 California residents are affected in a single incident. “That way, law enforcement would have been able to get the big picture on data theft,” Simitian said.

In the years since Simitian’s original privacy protection legislation (AB 700) was signed into law, more than 40 states have adopted similar legislation. In 2003, Simitian was named by Scientific American magazine as one of the “Scientific American 50” technology leaders in recognition of the legislation. Simitian also received the 2007 award for Excellence in Public Policy at the RSA Conference, a leading security industry event.

To learn more about SB 20, visit