California Continues Data Protection Lead

Is California blazing yet another legal Data Protection trail? Information Week just posted a blog on California SB-1186 (not yet signed into law). It essentially adds more prescriptive granularity to the state’s existing SB-1386, which is more or less the grandfather of the other 45 states’ data breach notification laws. Essentially, SB-1186 says that when a company reports a data breach, the report should contain certain standardized information, and if the breach affects more than 500 people, the Attorney General must be notified. Shades of HITECH, perhaps.

This isn’t revolutionary, but it’s nice forward progress. Hopefully, U.S. federal legislators will pass a federal law to bring the 50 states under a single, consistent law that eliminates the need for corporations to understand the laws of 45 individual states where laws are in place today. At the end of the day, our shared mission should be the same – protect the data, hopefully using encryption. Once this is accomplished, the laws suddenly become simple.