Tuesday, September 15, 2009

SB-20: A California refresh!

The updated California breach law, SB-20, is finally on the Governator's table. It has been a while coming and is most interesting since it finesses the grand-daddy of all breach laws, SB-1386. For more information, check out Ariel Silverstone's blog, which has a very good analysis of the new law.

I like the use of the word "unencrypted" in the new law - it implies that even if data was encrypted but the keys were lying around, you can't claim immunity :) Contrast this language with something like "plain" or "open"...

I think this is a good step forward, especially around the notification, use of plain language etc. I would have liked it to be more focused on remedies and "get-out-of-jail" by using encryption (the MA law is one such).
