From Wired News
California Looks to Expand Data Breach Notification Law
By Kim Zetter
California State Sen. Joe Simitian, the man responsible in large part for the nation's first data-breach notification law, has introduced new legislation that would require companies doing business in the the state to provide more information in their breach notification letters to consumers, and to send simultaneous notices to state authorities....
Simitian, speaking at the Security Breach Notification symposium in Berkeley, said the new legislation would force organizations that are breached to admit the extent of the compromise, and to provide consumers with enough information to determine on their own whether they face a risk of harm....
The law has led to more transparency about computer security practices at companies, but had an inauspicious start.
In early 2001, Simitian said he had just been elected a California state assembly member when he became chair of a privacy committee in the assembly. He began investigating issues related to online privacy and identified nine important ones on which to focus his attention.Forty-eight hours before the deadline for introducing the bill, he consulted two privacy legal experts and one of them, Deirdre Mulligan, now an assistant professor at UC Berkeley's School of Information, suggested he add something to the bill related to breach notification.
"If you actually got it passed," she said, "it would be a very big deal."
... The state passed the notification law in 2003.