California SB 1386 Essay examples -- essays research papers

On July 1, 2003, California enacted an electronic data privacy law to protect residents from one of its fastest growing crimes: identity theft. SB 1386 (Civil Code 1798.29) requires businesses to notify California residents if a security breach results in disclosure of personal electronic data. All businesses are subject to this law regardless of size, location, or operations. Business owners should be aware of the problems associated with identity theft, the steps required to comply with SB 1386, and the preventative measures available. Identity theft is a significant problem to both citizens and financial institutions. The FTC estimates that over 27.3 million Americans have been the victims of identity theft in the past five years. The U.S. financial impact is staggering; in 2002 alone, losses were estimated at $48 billion to financial institutions and $5 billion to victims. The FTC reviewed trends from 214,905 cases reported in 2003, and California accounted for the highest number of incidents (39,452). In 20% of all cases, the source of the information breach involved disclosure of personal data over the internet or other electronic sources. In 55% of all cases, the identity theft resulted in credit card, bank, or loan fraud. Federal and state laws address this growing problem. The FTC provides some protection by aggressively enforcing existing federal laws. Under the unfair and deceptive trade practices law, a website operator must adhere to the company’s own privacy policy or face prosecution for failing to exercise a reasonable standard of care. Reasonable care includes addressing potential system vulnerabilities such as viruses and encrypting personal information so that it cannot be viewed. The FTC recently ordered several large corporations to implement stronger privacy controls after breaches exposed personal information. In January of 2001, Eli Lilly settled with the FTC after accidentally releasing the e-mail addresses of nearly 700 consumers who were using the company’s anti-depressant Prozac. Seven months later, Microsoft was targeted by the FTC for misrepresenting the security of its â€Å"Passport Wallet† web service. More recently, in April of 2004, Tower Records faced allegations for allowing and failing to correct a breach that disclosed consumer information including names, billing and shipping addresses, email addresses, phone numbers, and ... ... 2003. http://www.consumer.gov/idtheft/IDT_CY03/California%20CY2003.pdf January 18, 2002, â€Å"Eli Lilly Settles FTC Charges Concerning Security Breach†. http://www.ftc.gov/opa/2002/01/elililly.htm August 8, 2002, â€Å"Microsoft Settles FTC Charges Alleging False Security and Privacy Promises†. http://www.ftc.gov/opa/2002/08/microsoft.htm April 21, 2004, â€Å"Tower Records Settles FTC Charges†. http://www.ftc.gov/opa/2004/04/towerrecords.htm Articles: Cheryl A. Falvey, â€Å"Disclosure of Security Breaches Required by New California Privacy Legislation†. http://library.lp.findlaw.com/articles/file/00008/009186/title/Subject/topic/Antitrust%20and%20Trade%20Regulation_Unfair%20Trade%20Practices/filename/antitrustandtraderegulation_2_237 Whole Security, â€Å"Facts on Identity Theft†. http://www.wholesecurity.com/threat/identity_theft.html Auxillium West, â€Å"California SB 1386 – Personal Information: Privacy†. http://www.auxillium.com/californiaSB1386.shtml StrongAuth, Inc., â€Å"California’s SB 1386 – Frequently Asked Questions†. http://www.strongauth.com/regulations/sb1386/sb1386FAQ.html Legislation: California SB 1386 http://info.sen.ca.gov/pub/01-02/bill/sen/sb_1351-1400/sb_1386_bill_20020926_chaptered.html