Assembly Bill 1950 – new California Law

On November 2, 2004, in Rants, by

I’m putting together a Top Technology powerpoint tonight and was looking at the Gartner web site and they have a headline that says “Prepare for California’s new Data Security Law“. 


Okay I’m familiar with SB 1386, the “you get intruded, you must inform those affected parties that may be affected by identity theft”, but what new Data Security Law?  In digging, it’s a new law, called AB 1950 that expands on SB 1386.  As Gartner puts it, this expands our duties to not just report, but to follow best practices to “protect“.


• Take “reasonable precautions” (the law provides no definition of this term) to protect personal information from modification, deletion, disclosure and misuse.


• Require partners with which information holders share information to meet the same standards.


• Protect personal healthcare information.


As Gartner puts it, California will need to provide more guidance on how this law will affect data security.  Until then, follow best practices and pay special attention to protecting data types specified in the law, such as Social Security numbers and medical information.


I would LOVE to pay special attention to protecting the Social Security numbers in my Tax Preparation programs, but you see NOT A SINGLE ONE OF THE APPLICATION VENDORS will support my use of Encryption of those data fields. 


It’s a little hard to do “best practices” when my vendors won’t help.

 

One Response to Assembly Bill 1950 – new California Law

  1. Ron says:

    It is always nice to be lectured or held liable by governments unable to create secure verifiable or reliable ID’s, voter registration, and felony lists.

    If California is anything like New York, the assembly should look at their practices before opening businesses up to litigation.

    If these bills make businesses pay more attention to security, it is a step in the right direction. However, it is also a case of hypocritical showmanship by gerrymandered incumbents who care more about press releases and special interests than the future of the citizens.