Skip to content

April 27, 2009

For More Information, Contact:
Melissa Figueroa (916) 651-4011


SACRAMENTO – The California State Senate approved today SB 20, legislation by State Senator Joe Simitian (D-Palo Alto), which aims to strengthen existing privacy protection laws for California consumers. The new law builds on legislation authored by Simitian in 2002 that requires a business or government agency that incurs a data breach to provide notice to the individual(s) whose information was compromised.  More than 40 states have adopted similar legislation since that time, largely based on the California measure.

“No one likes to get the news that information about them has been stolen,” said Simitian, “but when it happens, people are entitled to get a notice they can understand, and that helps them decide what to do next.”
“The premise is simple,” added Simitian. “What you don’t know can hurt you. Ignorance is not bliss.  And you can’t protect yourself if you don’t know you’re at risk.” Simitian said his latest proposal (SB 20), “is designed to make a good law even better.”

California’s current security breach notification law (AB 700, Simitian -2002) requires notice to consumers when their information has been compromised, but does not require data holders to provide any standard set of information about the nature of the breach. SB 20 will enhance consumer knowledge about security breaches by requiring that the notification contain specified information, including the type of personal information breached and the date of the breach.

Under Simitian’s proposal, if more than 500 California residents are affected by a single breach, data holders must submit a copy of the breach notification to the Attorney General’s office. “That way,” said Simitian, “law enforcement can get the big picture, an understanding of the patterns and practices developing in connection with data theft.  Such information,” said Simitian, “should also help the Legislature craft more effective consumer protection legislation.”

“While the bill makes relatively modest changes to California’s existing security breach notification law, these changes are vitally important and will greatly enhance identity theft protection for Californians,” said Privacy Rights Clearing House Director, Beth Givens. 

Senate Bill 20 now moves to the State Assembly for approval.

For more information about SB 20, please visit