In July, 2003 California became the first state to enact an “Information Breach” law. This state legislation addresses any organization which gathers and stores non-public data concerning California residents. The law is broad in its definition of which companies and data are affected; as well as specific about the remedies required.

SB 1386 requires any breach not identified as part of an on-going criminal investigation to be reported to the individuals who may be harmed as well as the general media outlets. In addition, the law provides up to $250,000 in fines and limited jail time for corporate officers who fail to compile, as well as specific civil remedies for individuals.

While California was the first, in 2005 Washington State enacted a similar law. Texas, New York, and Wisconsin have current legislation pending, and a several other states are considering the introduction of such bills.

These laws provide additional layers of protection for consumers, while adding potential additional liabilities and duplication of compliance efforts to companies who have defined a comprehensive and standards based compliance strategy.

Back to Compliance Main