Ok so the big news, revenge porn is now against the law…well that’s no big thing but now it’s official and is the law for when it does occur. There were quite a few items addressed towards students and you can read all at the link below.
Second here is that it is now law that companies provide 12 months of credit services in the case of a breach and last but not least a social security numbers may not be offered for sale, or to sell one. Pretty weak but it’s in the law.
We still need on a national basis, a law to require all who sell data to buy a license. Here’s the campaign at the right if you want to read up. There’s quite a few links there to tell you how insurers buy your credit card transactions to use to analyze and score you and of course the voice recorder at the call centers that analyze your current state and create a file that can be sold to behavioral analytics folks, happens all the time. BD
Expansion of Protection for California Residents’ Personal Information – AB 1710
Under current law, any business that owns or licenses certain personal information about a California resident must implement reasonable security measures to protect the information and, in the event of a data or system breach, must notify affected persons. See Cal. Civil Code §§ 1798.81.5-1798.83. Current law also prohibits individuals and entities from posting, displaying, or printing an individual’s social security number, or requiring individuals to use or transmit their social security number, unless certain requirements are met. See Cal. Civil Code § 1798.85.
The bill makes three notable changes to these laws. First, in addition to businesses that own and license personal information, businesses that maintain personal information must comply with the law’s security and notification requirements. Second, in the event of a security breach, businesses now must not only notify affected persons, but also provide “appropriate identity theft prevention and mitigation services” to the affected persons at no cost for at least 12 months, if the breach exposed or may have exposed specified personal information. Third, in addition to the current restrictions on the use of social security numbers, individuals and entities now also may not sell, advertise to sell, or offer to sell any individual’s social security number.