Skip to content

September 9, 2009

For More Information, Contact:
Melissa Figueroa (916) 651-4011


—The State Legislature approved State Senator Joe Simitian’s (D-Palo Alto) SB 20, a bill to strengthen and update California’s landmark privacy protection law. The bill now goes to the Governor, who has until October 11th to sign or veto the legislation.

SB 20 builds on previous legislation authored by Simitian, AB 700 (2002), which required any company or business that loses unencrypted personal information to send a security breach notification letter to consumers whose privacy was compromised. In the years since Simitian’s original privacy protection law, the measure has been widely praised, and more than 40 states have adopted similar legislation.

In 2003 Simitian was named by Scientific American magazine one of the “Scientific American 50” leaders in technology, in recognition of the legislation, and in 2007, Simitian received the RSA Conference award for Excellence in Public Policy.

“The premise is simple,” said Simitian. “What you don’t know can hurt you. Ignorance is not bliss. And you can’t protect yourself if you don’t know you’re at risk.”

If signed into law, SB 20 would strengthen that protection by requiring that the notification letters contain specific information designed to help victims safeguard their privacy. This includes the type of personal information exposed, a description of the incident, and when it took place. “Experience over the past half dozen years indicates that too often the information received is confusing, not clarifying,” said Simitian. “SB 20 ensures that notice of a security breach will be genuinely helpful to consumers,” he said.

“No one likes to get the news that information about them has been stolen,” said Simitian, “but when it happens, people are entitled to get a letter that helps them decide what to do next.” SB 20, according to Simitian, “is designed to make a good law even better.”

Simitian’s SB 20 would also require that data holders submit a copy of the notification letter to the state Attorney General’s office if more than 500 California residents are affected in a single incident. “That way, law enforcement can get the big picture on data theft,” Simitian said. “And having that information will also help the Legislature craft additional consumer protections in the future.”

“Identity theft is a difficult problem to deal with,” said Richard Holober, Executive Director of the Consumer Federation of California, a consumer rights advocacy organization, which included Simitian’s SB 20 as one of its pro-consumer legislative priorities. “We’re confident that SB 20 will help make a complicated situation easier for consumers, and we urge the Governor to sign it into law.”

For more information about SB 20, please visit Simitian’s website at