California Requires Companies To Directly Inform Consumers About Data Breaches

Brad Chacos

Rapid breathing, sweaty palms, and a tightening of the chest; those physical effects used to be associated with prom night or horror movies, but thanks to all the high-profile hacking antics hitting the headlines these days, you might experience the same jitters whenever a website asks you for some personal information. Even worse, companies don’t always own up to when they’ve been pwned and put your data in danger. It’s getting better, though. California just passed a law that requires companies that have been OMG h@x3d to directly inform their customers of the breach.

California’s actually required companies to inform consumers about breaches since 2002, ReadWriteWeb reports, but some of those wily corporations snuck around the mandate by simply placing a notice up on their website when they fell victim to a hack attack. If you didn’t check out the website, you didn’t learn about the breach, simple as that.

The new law forces hacked service providers to directly inform potential victims whenever a database is breached. A single website bulletin won’t cut it anymore. In addition, the notification must contain a telephone number and contact person in case potential victims want to follow up with further questioning. Email’s fine too, but a telephone number is mandatory.

“No one likes to get the news that personal information about them has been stolen,” Joe Simitian, the State Senator that authored the bill, said in a statement. “But when it happens, people deserve to get the information they need to decide what to do next.”
