Sometimes the third time’s a charm, but in the case of S.B. 1166, a bill intended to strengthen California’s data breach notification law, the third time ended up like the preceding two – in a veto by Governor Arnold Schwarzenegger. I wrote in aMay blog post about Sen. Joseph Simitian, the author of California’s S.B. 1386, introducing legislation for the third time to augment S.B. 1386.
S.B. 1386 requires businesses or state agencies to report security breaches of certain categories of “personal information” to affected California residents. S.B. 1166 would have also required reporting businesses and agencies to also notify the State’s Attorney General if the breach involved the personal information of more than 500 state residents. In addition, other provisions of the bill would have required breach notifications to be in “plain language” and to contain certain standardized categories of information, including the type of information compromised, the approximate date of the breach (if possible to determine), and a general description of the incident.
Sen. Simitian, who happens to be my state senator, introduced S.B. 1166 in February, the bill wound its way through the Senate in the spring, and it passed in August. On September 29, 2010, however, the Governor vetoed the bill. Here is what the Governor said in his veto message:
This bill is unnecessary, however, because there is no evidence that there is a problem with the information provided to consumers. Moreover, there is no additional consumer benefit gained by requiring the Attorney General to become a repository of breach notices when this measure does not require the Attorney General to do anything with the notices.
Since this measure would place additional unnecessary mandates on businesses without a corresponding consumer benefit, I am unable to sign this bill.
Although the Governor’s statement suggests that the bill will never pass, in view of its failure to garner a gubernatorial nod after three tries, the political winds have changed. We will have a new governor, Jerry Brown, following his approval by the voters in the November 2010 election. When Jerry Brown takes office as Governor again, Sen. Simitian’s legislation may find a warmer reception.