Assembly Committee Passes Government Data Breach Requirements

SupportA California Chamber of Commerce-supported bill that requires government entities to provide protection when personal information is part of a data breach unanimously passed an Assembly policy committee this week.

AB 259 (Dababneh; D-Encino) requires government agencies to provide theft prevention and mitigation services to California residents if certain personal information maintained by the agencies is breached, and conforms the government data breach requirements with private sector requirements.

Current law requires California businesses to offer theft prevention and mitigation services to individuals if certain personal information was breached and the business was the source of the breach. This personal information includes an individual’s Social Security number and driver license number. Providing these services protects against identity theft by helping ensure affected individuals are alerted swiftly that their personal information is being misused.

AB 259 simply extends these requirements to government agencies that maintain this type of personal information. The level of protection an affected individual receives should not depend on the type of entity breached. AB 259 ensures all entities maintaining personal information offer theft prevention and mitigation services.

Key Vote

AB 259 passed the Assembly Privacy and Consumer Protection Committee on March 17, 11-0.

Ayes: Baker (R-Dublin), Calderon (D-Whittier), Chang (R-Diamond Bar), Chau (D-Monterey Park), Cooper (D-Elk Grove), Dababneh (D-Encino), Dahle (R-Bieber), Gatto (D-Glendale), Gordon (D-Menlo Park), Low (D-Campbell), Wilk (R-Santa Clarita).

Staff Contact: Jeremy Merz