Skip to content

SB 364: Security Breach Notification Enhancements (2007)


This bill would make relatively modest but helpful changes to the current security breach notification statutes to enhance consumer and Legislative knowledge about, and understanding of, security breaches.  Similar changes have already been made in Michigan, New Hampshire, North Carolina and New Jersey, and have been considered by the California Legislature as minor provisions in prior, more comprehensive security breach reform proposals.

After this bill passed the Legislature, Senator Simitian sent a letter to the Governor urging his signature on this bill. 

For more information, you can read the SB 364 "Fact Sheet" prepared by a member of Senator Simitian's staff.

Final Status and Text

SB 364 is no longer active. Its final status was:
Vetoed by the Governor

You can read its final text on the Legislature's Bill Information site.

Background Information

Need for the Bill
Although California has a security breach notification law (A.B. 700, Simitian/S.B. 1386, Peace - 2002), we do not require public agencies, businesses, or persons subject to that law to provide any standard set of information about the breach to consumers.  As a result, security breach notifications letters often lack important information – such as the time of the breach or type of information that was breached – or are confusing to consumers. This leaves consumers uncertain about how to respond to the breach or protect themselves from identity theft, and leaves businesses and government entities that have experienced a breach unsure about what to put in the notices they send consumers.

What the Bill Does
In a nutshell this bill establishes standard, core content—such as the type of information breached and time of breach—for security breach notices in California.

Studies and Reports

Samples of Security Breach Notification Letters—Good and Bad

  • Promising Practice:  This PDF from Lexis-Nexis points in the direction California should go.  This file contains information reported to the State of New York under its security breach notification law, including a cover letter to state authorities and an excellent sample notification letter that went to consumers.
  • Needs work:  The letters linked in this PDF could be improved.  All the letters contained herein are missing vital information that would help consumers understand how to respond to the breach.

How Can I Help?

You can send a letter in support of SB 364 to Senator Simitian.  Staff has drafted a sample letter you can use.  Edit it as necessary.

News & Press Releases about SB 364

08/31/2011 - Simitian's Consumer Privacy Bill Signed Into Law

08/19/2011 - Simitian's Consumer Privacy Protection Bill Passed By Legislature, Goes to Governor For Approval

04/14/2011 - Simitian's Consumer Privacy Protection Bill Passed By Senate

05/20/2009 - Privacy Piracy interview with California State Senator Joe Simitian, 11th District

02/01/2008 - Senator Simitian Speaks on SB 364 - Data Breach Notification

01/31/2008 - Senate Strengthens California Privacy Protection Measure