Skip to content

FOR IMMEDIATE RELEASE                  
August 19, 2011

For More Information, Contact:
Melissa Figueroa (916) 651-4011 .(JavaScript must be enabled to view this email address)


SACRAMENTO – The California State Legislature has voted to approve Senate Bill 24 by State Senator Joe Simitian (D-Palo Alto); the bill now goes to Governor Brown for consideration.  Senate Bill 24 strengthens and improves the state’s existing security breach notification requirements.

Current California law requires data holders to notify individuals when there has been a breach of personal information, but does not indicate what information should be contained in the notification. Simitian says SB 24 is “the logical next step in helping provide consumers with all the information they need.”

“No one likes to get the news that personal information about them has been stolen,” said Simitian. “But when it happens, people are entitled to get the information they need to decide what to do next.”

California’s current data breach law, authored by Simitian in 2002, requires companies and state government agencies to notify individuals when their personal information has been compromised. Senate Bill 24 would strengthen the existing law by doing the following:

• Establish standard, core content for data breach notification – such as the type of information breached, the time of breach and a toll-free telephone number of major credit reporting agencies for security breach notices in California; and,

• Require public agencies, businesses and people subject to California’s security breach notification law to send an electronic copy of the breach notification to the Attorney General if more than 500 Californians are affected by a single breach.

A survey by the Samuelson Law, Technology & Public Policy Clinic at UC Berkeley found that 28 percent of data breach victims receiving a security breach notification letter “do not understand the potential consequences of the breach after reading the letter.”

Privacy Rights Clearinghouse, a non-profit consumer education and advocacy group, reports that at least 500 million sensitive records have been compromised nationwide since 2005.

“Senator Simitian’s Senate Bill 24 strengthens California’s landmark breach notice law in important ways,” says Beth Givens from the Privacy Rights Clearinghouse. “It gives individuals vital information to enable them to better assess their risk of identity theft.”

In the years since Simitian’s original privacy legislation (AB 700) was signed into law, more than 40 states have adopted similar legislation. At least fourteen other states and Puerto Rico now require security breach notification letters to include specified types of information similar to the requirements of SB 24.

“This new measure makes modest but helpful changes to the law.  It will also give law enforcement the ability to see the big picture, and a better understanding of the patterns and practices developing in connection with identity theft,” said Simitian.

Simitian’s prior efforts to upgrade security breach notification were vetoed by Governor Schwarzenegger. Simitian said he reintroduced the measure in hopes that with a new administration “a signature by the Governor may be possible this year.”

For more information on Senate Bill 24, and a look at the other versions of the bill introduced in past years, visit