Want CNET to notify you of price drops and the latest stories?

California ID breach bill gets thumbs-up

Lawmakers give initial approval to plan to toughen rules on notifying people when their data has been exposed.

Concerned with the growth of identity theft, California lawmakers gave initial approval on Tuesday to a bill that, with other state safeguards, would require companies to notify consumers of all security breaches involving their personal information.

The California Assembly's judiciary committee voted 6-3 for the bill, which would apply to paper and taped records. Breaches of computer records are already covered by a state law.

The state senate has already approved the bill, which now goes to the Assembly business and professions committee.

California leads the nation in personal information privacy laws, which have become a hot topic for other states and the U.S. Congress after a series of recent high-profile security breaches.

The California law already in effect led data-mining company ChoicePoint in February to send warning letters to 30,000 to 35,000 consumers after criminals gained access to a database of personal records.

Bank of America

and MasterCard International also have disclosed major breaches.

Democratic state Sen. Debra Bowen said that there was a loophole in the state law, though.

"Right now, companies have to tell you when a thief hacks into their computer system and gets access to your personal account information or Social Security number, but they don't have to say word one when paper records or a back-up tape containing the exact same personal information are lost, stolen or inadvertently handed to a perfect stranger," Bowen said.

"That's a loophole that needs to be closed," she added.

Story Copyright © 2005 Reuters Limited. All rights reserved.