Skip to content

FOR IMMEDIATE RELEASE                  
April 16, 2010

For More Information, Contact:
Keith Weissglass (650) 688-6384


SACRAMENTO – The California State Senate voted Thursday to approve Senate Bill 1166 by State Senator Joe Simitian (D-Palo Alto).  Senate Bill 1166 would strengthen and improve the state’s existing security breach notification requirements.

Current California law requires data holders to notify individuals when there has been a breach of personal information, but does not indicate what information should be contained in the notification. Simitian says SB 1166 is “the logical next step.”

“No one likes to get the news that personal information about them has been stolen,” said Simitian. “But when it happens, people are entitled to get the information they need to decide what to do next.”

California’s data breach law, authored by Simitian in 2002, now requires companies and state government agencies to notify individuals when their personal information has been compromised. SB 1166 would strengthen the existing law by doing the following:

  • Establish standard, core content for data breach notification – such as the type of information breached, the time of breach and a toll-free telephone number of major credit reporting agencies for security breach notices in California; and,
  • Require public agencies, businesses and people subject to California’s security breach notification law to send an electronic copy of the breach notification to the Attorney General if more than 500 Californians are affected by a single breach.

A survey by the Samuelson Law, Technology & Public Policy Clinic at UC Berkeley found that 28 percent of data breach victims receiving a security breach notification letter “do not understand the potential consequences of the breach after reading the letter.”

Privacy Rights Clearinghouse, a non-profit consumer education and advocacy group, reports that at least 347 million sensitive records have been compromised nationwide since 2005.

In the years since Simitian’s original privacy legislation (AB 700) was signed into law, more than 40 states have adopted similar legislation. At least fourteen other states and Puerto Rico now require security breach notification letters to include specified types of information similar to the requirements of Senate Bill 1166.

“This new measure makes modest but helpful changes to the law.  It will also give law enforcement the ability to see the big picture, and a better understanding of the patterns and practices developing in connection with identity theft,” said Simitian.

“The changes proposed to the law by Senator Simitian’s Senate Bill 1166 enhance identity theft protection for Californians,” said Richard Holober, Executive Director of the Consumer Federation of California. “We’re hopeful that the Legislature will continue to move this bill forward, and that the Governor will sign it into law this year.”

Senate Bill 1166 is a reintroduction of Simitian’s Senate Bill 20 (2009), which was vetoed last fall by the Governor.  Simitian said he reintroduced the measure after conversations with the Governors office persuaded him that “a signature by the Governor seems possible this year.”

Senate Bill 1166 now moves to the State Assembly for consideration.

For more information on Senate Bill 1166, visit