“Even as technological innovation and advances bring us greater convenience, efficiency, and productivity, they are also generating new vulnerabilities,” said California Attorney General (AG) Kamala Harris (D). “The Internet has created a new frontier for criminal activity in the form of cybercrime, such as data breaches.”
Harris recently released her office’s second annual “California Data Breach Report.” It details the 167 data security breaches reported to the AG’s office in 2013. Those breaches impacted 18.5 million California residents, and reflected a 28 percent increase in the number of incidents and a 600 percent increase in the number of affected personal records from 2012.
Unlike the prior report, where the AG’s office offered extensive recommendations to bolster companies’ data security protections (later bolstered be her office’s cybersecurity recommendations for businesses), the new report focused more on specific business sectors, particularly the retail and financial sectors. Considering that the two biggest data breaches impacting Californians in 2013 were the Target and Living Social incidents, the report’s focus on credit and debit card security makes a lot of sense.
Still, the AG’s office recommended that all kinds of businesses:
- conduct risk assessments at least annually and update privacy and security practices based on the findings;
- use strong encryption to protect personal information in transit;
- improve the readability of their breach notices.
Also in the prior report, the AG recommended legislative changes to address data security vulnerabilities. Two of them have since made it into law:
- 2013’s S.B. 46, which added online account information to the types of data covered in case of a breach; and
- 2014’s A.B. 1710, which expanded data security requirements to include not just the owner or licenser of personal data, but also anyone who "maintains" such data.
However, Harris still is seeking statutory changes that would require encryption to protect personal information in transit and provide funding to support system upgrades for small California retailers.
Will there be more data security changes to come in California in 2015-16? The odds are good.