By George Bao Sept. 13, 2016
SACRAMENTO – Two consumer protection bills authored by California State Assemblyman Ed Chau were signed into law Tuesday by Governor Jerry Brown.
According to Chau’s office, AB 2828 expands the data breach notification law, which currently requires notice to consumers of compromised unencrypted personal information, to also include encrypted information, if the encryption keys have also been compromised.
AB 2307 protects consumers from credit card fraud and identity theft at the gas pump by requiring service agents to report to their county sealer any credit card skimming devices found in the course of their work.
“I applaud the Governor’s commitment to protecting consumers from having their personal information and accounts stolen by criminals, thieves and hackers, by signing AB 2828 and AB 2307,” said Assemblyman Chau, Chair of Assembly Committee on Privacy and Consumer Protection.
“Both of these bills will make great strides, as proactive and preventative measures, in ensuring consumer safety.”
In February 2015, criminals accessed personal information, including names, addresses, birthdates, and Social Security numbers, of more than 80 million United States patients covered by one of the country’s largest health insurance and health plan providers.
The incident was the biggest theft of health care data in history. Data breaches are also becoming increasingly sophisticated. Hackers are constantly looking for new and innovative ways to penetrate networks, such as gaining access to encryption keys, or security credentials, in order to access encrypted data.
As a result, security experts contend that encryption, by itself, cannot thwart criminals if the hack involves gaining access to security credentials.
“In an effort to protect consumers after a data breach, AB 2828 requires businesses and government agencies to notify affected consumers where encrypted personal information is disclosed and there is a reasonable belief that encryption keys or security credentials were also compromised and could render the breached information readable or useable,” said Chau.
“This bill will allow victims to take the necessary steps to protect themselves from fraud and identity theft before the data is used or sold by the hackers.”
Law enforcement is seeing an increase of credit card “skimmers” throughout the state. Card Skimmers are tiny devices criminals insert into gas pumps and ATM machines that “skim” or glean credit card information when people insert their cards for payment.
Some sophisticated devices can even wirelessly transmit the stolen data in real time to the criminals. Gas station pumps are a common target for criminals, because they are often not as closely monitored as bank ATM machines.
While California law requires the meters on gas pumps to be checked regularly for accuracy, there is no uniform process for dealing with these devices when they are discovered by a service agent in California.
“To ensure that there is a uniform process in protecting the public’s safety, AB 2307 requires all service agents to report credit card skimming devices to their county sealer, who then contacts the appropriate law enforcement authorities to conduct a proper investigation,” said Chau.
“This bill gives law enforcement the evidence it needs to investigate and stop criminals from stealing credit card information and committing fraud.”