California is a state with some of the stringent data breach notification laws in the land it is planning to make the laws better by putting a plug on the loopholes in its existing data breach notification laws by expanding the requirements for companies, according to a report by TechCrunch.
As per the report, California’s Attorney General, Xavier Becerra announced a bill on Thursday which aims to cut down loopholes in its existing data breach notification laws. According to the proposed bill, the companies will have to notify their users if their passport or government ID numbers and other biometric details have been stolen.
The main reason which has prompted the law change has been the hacking incident of Starwood, in which data of nearly 383 million unique guests were stolen which included guest names, postal addresses, phone numbers, dates of birth, genders, email addresses, and other reservation information.
Although Starwood took the initiative and informed its clients of the breach, it is not obligatory for companies to inform its users that biometric data and passport numbers have been stolen. Under the current California law, only social security numbers, banking information, passwords, medical and health insurance information, and data collected through automatic license plate recognition systems must be reported.
But things are in for a change with the introduction of the California assembly bill 1130.
Speaking about the new bill, Becera said, “We have an opportunity today to make our data breach law stronger and that’s why we’re moving today to make it more difficult for hackers and cybercriminals to get your private information.”
Many other states which include Oregon, Florida, and Alabama already have breach notification laws for passport number breaches and the states of Iowa and Nebraska have breach notification laws for biometric data.