I.e. Do we need to make a major research effort to solve all(or most) Cybersecurity problems?
Because mistakes keep happening:
And these are not small mistakes – they may shift our world underneath us… As California considers more legislation and Breach reporting requirements, other states may also look into this issue. At Databreachtoday.com there is a story about how California is proposing new changes to Data breach notification requirements.
The California law is adding clarification to potential breaches, as before it is not obvious that government issued identification is part of “personal identification”, and any biometric data as well.
The now defined “personal information” includes:
- Social Security number;
- Driver’s license number, California identification card number or other government-issued identification number;
- Account number or credit or debit card number, in combination with any required security code, access code or password that would permit access to an individual’s financial account;
- Medical information;
- Health insurance information;
- Unique biometric data generated from measurements or technical analysis of human body characteristics, such as a fingerprint, retina or iris image, or other unique physical representation or digital representation of biometric data;
- Information or data collected through the use or operation of an automated license plate recognition system.
It is good to get clarification which only means most other states will follow and also enact similar laws.
If you have a breach you are on the clock and will be judged by how fast you can deliver information to your customers or employees about the breach.
What is different in California is the privacy law AB375 which is actually referred as “The California Consumer Privacy Act of 2018.”