The California Senate narrowly passed a bill earlier this week that would allow businesses to be sued for data breaches without proof of any injury. As this bill moves to the Assembly, there is already talk among legislators about amending it to include a safe harbor provision. But will any safe harbor address opponents’ concerns?
SB 1121, which is making its way through the California Legislature, would allow businesses to be sued for data breaches even when no one was actually injured. This includes being sued for failing to implement and maintain reasonable security procedures as well as for failing to properly notify affected individuals of a breach of their personal information. Opponents of this bill are calling it a “job killer”.
No! It is a common misconception among the general public that someone always has to pay when there is a data breach. It is understandable that individuals affected by a data breach will be upset, distraught, and even angry. In light of recent large-scale data breaches, it is safe to say we have all been there, with our personal information that we entrusted to particular companies or employers now out there in the hands of cyber thieves.
Effective immediately, federal contractors will need to comply with privacy training rules intended to ensure that their workforces protect personally identifiable information. As of January 19, 2017, federal contractors will need to follow a five-step plan to comply with the new rules issued by the Department of Defense, General Services Administration, and National Aeronautics and Space Administration.