At the close of last week, California state policymakers introduced legislation that would require companies to notify customers when passport information and biometric data are accessed by anyone without authorization.
According to reports, California State Attorney General Xavier Becerra and Assemblyman Marc Levine of San Rafael unveiled AB 1130, which aims to close a loophole in the state’s data breach laws.
The new bill was inspired by the Marriott mega breach of December 2018. Hundreds of millions of Marriot guests had their personal information compromised in a hacking campaign that lasted four years.
“All Californians deserve the power to take action if their passport numbers or biometric data have been accessed without authorization,” said the attorney general in a statement to the press, adding that AB 1130 was drafted with the intent of “clos[ing] a gap in California law and ensur[ing] that our state remains the nation’s leader in data privacy and protection.”
Becerra wasn’t exaggerating when he framed California as the leader in data regulation. Toward the end of last year, the state passed its Consumer Privacy Act, a sweeping set of laws that closely mirrors Europe’s General Data Protection Regulations. Key GDPR tenets such as the right of users to know what data is being collected, the ability to object to the sale of data, and the right to demand personal data be deleted from a system are all contained in the California privacy law.
This trend of individual states producing legislation governing the cyber sphere will only spur forward the ongoing agenda on Capitol Hill for nationwide federal regulations.