California Enacts New ID Theft Law, Federal Bill Introduced

In an effort to crack down on identity theft, a new law went into effect in California last week that puts the impetus on businesses to notify their customers in that state if they even suspect that personal information may have been compromised.

The law, expected to be a model for pending federal legislation, came in response a hacking incident in which the personal records of 265,000 state employees were compromised last year. It took the state nearly six weeks to notify the affected individuals, time they could have spent minimizing the damage by putting fraud alerts on all their accounts. The incident spurred incensed state lawmakers to take action.

The Federal Trade Commission reports a two-fold increase in identity theft over the last year, with more than 160,000 reported cases. Credit card fraud led the pack, with 42 percent of all complaints.

The law requires all businesses, agencies and nonprofits that have customers in California to take the necessary steps to ensure they can notify potential victims immediately.

Companies that fear public reprisals for failing to adequately protect their customers’ names, social security numbers, drivers license numbers and other sensitive data, were flocking to security firms and companies that sell encryption software. Data that is stored in encrypted format is exempt from the law.

"Organizations that are following near-best practices for data security should be OK," said Ray Wagner, research director for information security strategies at Gartner. "However, you could read (the law) very conservatively: If you don't encrypt data...and maintain good audit trails, you open yourself up to lawsuits."

The lawsuit has been a boondoggle for security software makers. "It's dramatic," said Jim Schoonmaker, CEO of Liquid Machines, which sells software to keep data encrypted. "They are coming from all over the United States. Any large enterprise has customers in California, and more importantly, they are looking at this as a harbinger of what is to come."

California Senator Diane Feinstein (D-CA) introduced a federal identity theft bill last week, which follows the lead set in California.

"I strongly believe individuals have a right to be notified when their most sensitive information is compromised--because it is truly their information," Feinstein said in a statement. "This is both a matter of principle and a practical measure to curb identity theft."

You may like these other stories...

A new Wall Street Journal/NBC poll found that there is broad support among registered voters for Congress to enact legislation that would curb the practice of US companies shifting their headquarters overseas to cut their US...
All that was needed on Tuesday was a voice vote for the House of Representatives to pass a bill that would prevent state and local governments from taxing access to the Internet.Now the ball is in the Senate’s court....
The Republican-controlled House of Representatives passed a bill on Friday morning that would permanently extend the bonus depreciation tax break for businesses.The measure, HR 4718, which was crafted by Representative Pat...

Already a member? log in here.

Upcoming CPE Webinars

Oct 30Many Excel users have a love-hate relationship with workbook links.
Nov 5Join CPA thought leader and peer reviewer Rob Cameron and learn ways to improve the outcome of your peer reviews while maximizing the value of your engagement workflow.
Nov 12This webcast presents basic principles of revenue recognition, including new ASU 2014-09 for the contract method. Also, CPAs in industries who want a refresher on revenue accounting standards will benefit.
Nov 18In this session Excel expert David Ringstrom, CPA tackles what to do when bad things happen to good spreadsheets.