The California Progress Report is published by Frank D. Russo, a longtime observer of and participant in California politics.

Big Steps Forward on California Identity Theft Laws This Year--But Challenges Remain for Protecting Financial Data

My Social Security Number was Where?

By Assemblymember Dave Jones

Early this year my staff logged onto the Secretary of State’s website, entered some credit card information, and purchased the social security numbers of two of the most successful businessmen in Sacramento. For $6 each.

Last month, I walked into the Sacramento County Recorder’s office and sat down at one of the public computer terminals. I typed in the common name “Robert Smith” and within a few keystrokes had access to the social security numbers of a handful of people I had never met who live throughout the county. This time, I didn’t pay anything.

Yesterday, I stopped into a bank and walked up to the teller. Without telling her my name, I asked her to pull up the records of 10 of the bank’s customers and to print out their social security numbers for me. The teller gladly complied and charged me the standard rate - about $10 for each record.

Okay, readers, by now you’re no doubt onto me. If you guessed that the third story is pure fiction, you were right.

But the first two are real-life identity theft nightmares. It was truly that easy to get someone else’s social security number.

What gives? It turns out that state and local government agencies have historically done a pretty bad job protecting consumers’ social security numbers. SSNs are often listed on government records that go out to any member of the general public who asks for them. When a homeowner wants to install an air conditioner and takes out a secured loan to finance the unit, what she may not know is that her lender could file a document with the county recorder’s office that displays her social security number, open for anyone to inspect.

It’s now common knowledge that the SSN is the backbone of ID theft; it props up the entire $53 billion-per-year criminal venture. That’s why my third story, about the bank teller selling me SSNs for $10 a pop, was obviously made up. A bank would never give its customer’s info to a complete stranger (for one thing, to do so would be illegal).

The same common-sense standard should apply to SSNs held by government offices.

That’s why I’m very pleased that over the last weekend Governor Schwarzenegger signed my bill, AB 1168, into law. Under AB 1168, the Franchise Tax Board, the Secretary of State, and all 58 county recorders would have to truncate SSNs in records they hold so that no more than the last 4 digits are displayed to the public. (To their credit, the FTB and the SOS got a head start and began truncating SSNs earlier this year.)

It’s a first step in shutting down what’s been tantamount to an ongoing, legally-sanctioned breach of consumers’ personal information.

Of course, “data breaches” come in all sizes and stripes. Sometimes, it’s medical information that falls into the wrong hands. A study last year by Phoenix Health Systems found that more than half of surveyed healthcare providers had experienced a privacy breach, and that many were out of compliance with federal privacy laws. In response, I introduced a bill this year that – among other things – would simply require businesses and state agencies that maintain medical information to notify a patient if her information is subject to a breach. AB 1298 is a simple concept: my health information is among the most sensitive information about me, and if it falls prey to a data breach, I should know about it.

I’m happy to report that Governor Schwarzenegger agreed with this piece of common sense, and signed AB 1298 into law last weekend as well.

Unfortunately, my highest profile privacy bill, AB 779, was vetoed by the Governor on October 13th. AB 779 would have required retailers and government to better protect their customers’ personal information that far too often is left open for hackers and ID thieves to pilfer as part of massive data breaches. In addition to avoiding future data breaches the bill would have better informed consumers after a breach takes place and made retailers and government partially responsible for the financial costs of data breaches. This space had previously written about AB 779 as it was moving through the Legislature.

Our unique coalition of supporters, which included law enforcement, credit unions, consumer groups and organized labor, made a compelling case for these common sense policy changes. That’s why the bill passed the State Assembly by a vote of 73-0 and passed the State Senate by a vote of 30-6.

However, the story behind the AB 779 veto is a simple one. Special business interests won over the public interest. Despite our broad coalition and overwhelming bipartisan support, numerous business interests, led by the California Retailers Association, the California Bankers Association, and the California Chamber of Commerce all urged a veto. So despite evidence showing 1) that only 40% of the nation’s largest retail chains are following current private data security rules, 2) that credit card fraud linked to data breaches is at an all-time high and 3) that the American Bankers Association and other state banking associations have either strenuously criticized retailer security or sued following major data breaches, the Governor acted as if the marketplace was working swimmingly and vetoed my bill. I’m obviously disappointed but remain unbowed, as I know that in the long run we will emerge victorious on this issue.

So there’s more work ahead, but that’s to be expected. There’s no end in sight to the growing number of ways to sell, store, and transmit consumers’ personal information – and as long as that’s the case privacy advocates must be vigilant. I would urge all those with an identity theft story of their own to contact my office at 916-319-2009 or assemblymember.jones@assembly.ca.gov and join the fight for consumer protections.

We took a couple big steps this year. Let’s continue the march forward.

Assemblymember Dave Jones (D-Sacramento) is the Chair of the Assembly Judiciary Committee. He formerly served on the Sacramento City Council. He can be reached at www.assembly.ca.gov/jones.

Posted on October 21, 2007

Comments

In AB 779, proposed Civil Code Section 1724.4(b) was poorly drafted and confusing. It was not clear whether 1724.4(b) covered Internet and mail-order merchants (although the legislature probably did desire to cover those merchants). 1724.4(b)(2) was muddled about what does and does not constitute "sensitive authentication data" that a merchant would have been forbidden from storing. A literal reading of the words of 1724.4(b)(2) would forbid merchants from storing zip codes, even though Internet and mail-order merchants need to store zip codes for operational purposes. Proposed Section 1724.4(b)'s poorly crafted language would have been a roadblock as innovators try to invent the next PayPal. See detailed analysis at hack-igations --Benjamin Wright, Dallas, Texas

Posted by: Benjamin Wright at October 22, 2007 12:19 PM

I support Assemblymember Dave Jones' efforts, including AB 779, which Governor Schwarzenegger vetoed. If there are some objections to parts of the law by the business community as indicated by Benjamin Wright, above, they can no doubt be negotiated. However, it would be wrong to allow business to win in this situation, or any other capacity in which the consumer's name and personal data are at risk. I was a junk mail list/data broker, and can confirm that the security of individual private information is not the priority when it comes to collecting and selling this valuable asset. The priority is accumulating every morsel available, and selling it as many times as the market will bear. I did it for 35 years, but have recently turned privacy advocate with the belief that consumers should have control over their names and personal data, and be compensated when it is sold. You can read more in my blog, "The Dunning Letter" at: http://www.thedunningletter.blogspot.com

Jack E. Dunning
Cave Creek, AZ

Posted by: Jack E. Dunning at October 22, 2007 01:06 PM
