Skip to content

February 6, 2007

For More Information, Contact:
Hema Sareen Mohan (650) 688-6384


PALO ALTO – State Senator Joe Simitian (D-Palo Alto) today received the 2007 Award for Excellence in Public Policy at the opening session of the 16th annual RSA Conference, the world’s largest event for cyber security professionals to share and exchange ideas to address identity theft and security breaches.  This year’s conference is expected to draw 15,000 computer security experts from around the world.
Established in 1998, the award recognizes leaders in the public sector who show exemplary leadership and have a substantial impact on information security and privacy policy.  Simitian was chosen to receive the award for authoring AB 700/SB 1386, the law that requires businesses and government agencies to notify consumers in the event that their personal identifying information has been compromised.
“It was the consensus of the nominating committee that in the past year, no law—state, federal, or international—had more impact on consumers’ privacy and information security than Simitian’s AB 700,” said Shannon Kellogg, Director of Information Security Policy, RSA, The Security Division of EMC Corporation.

“I’m gratified to receive this award,” said Simitian, who was recently appointed to chair the new Senate Select Committee on Privacy.  “I authored AB 700 because I believe that when it comes to online security, ignorance isn’t bliss.  What you don’t know can hurt you.”
Simitian added, “Ideally, we need tamper-proof security systems, but until then, it’s important that we continue to give consumers the information they need to protect themselves.  I’ll continue to work on legislation that helps do just that.”

Past winners of the Public Policy Award include U.S. Senator Robert Bennett, U.S. Representative Tom Davis, and Orson Swindle, a former Federal Trade Commissioner.  Swindle presented the Public Policy Award to Simitian this year.

Simitian’s other privacy legislation includes SB 202, which protects consumers’ phone records from being unknowingly obtained by others.  That bill, which went into effect on January 1, 2007, makes it illegal to obtain a consumer’s phone records by fraud or deceit, including the practice known as “pretexting” (i.e., pretending to be someone you’re not), and it makes it unlawful to buy or sell a consumer’s phone records without the consumer’s written consent, effectively shutting down the market for phone records. 

Building on his work to protect Californians’ privacy, Simitian recently re-introduced SB 30, a bill that will make California the first state in the nation to require privacy and security protections for the use of radio frequency identification (RFID) or ‘smart chip’ technology in government-issued identification documents. 

RFID devices are tiny chips with miniature antennae that can be embedded in documents for tracking and identification purposes.  Simitian’s SB 30 addresses concerns that, using a reader that emits a radio signal, anyone can capture the identifying information stored in the chips.  Governor Schwarzenegger vetoed the bill last year.

Simitian called the Governor’s veto a “missed opportunity to get out in front of the problem, and to put California in the forefront of privacy protection.” Simitian said he was particularly taken aback at the suggestion in the Governor’s veto message that his RFID legislation was “premature.”

“I think the public wants us to anticipate and solve privacy problems before they occur, not wait until there’s a national headline or a tragic incident,” said Simitian.  The notion that his measure was “premature” was “regrettably familiar,” said Simitian.  “That’s what I heard a year ago when I introduced the bill to outlaw ‘pretexting’ and the purchase and sale of phone records, and five years ago when I proposed AB 700 to require companies that have been hacked or lost our personal data to tell us, so we can protect ourselves.”