California continues to lead the way in protecting consumers whose data have been breached. By a vote of 37-0-1 last week, the Senate passed S.B. 46, a bill introduced by Senator Ellen Corbett.
The bill amends existing law to expand required notification to situations involving access to an online account. The law would still incorporate an acquisition standard as a trigger for notification, but the definition of personal information is amended to replace “username, password” with “(2) A user name or email address, in combination with a password or security question and answer that would permit access to an online account.”
The bill now moves to the House.
h/t, Law360.com