Welcome
Privacy & Data Security Law News

California Extends Data Breach Law to Passports, Biometric Data

Oct. 12, 2019, 9:05 PM

Passports and biometric data are now included in the types of personal information covered by California’s data breach notification law, under a bill signed by Gov. Gavin Newsom.

The measure, A.B. 1130, by Assemblyman Marc Levine (D), also adds taxpayer and military identification numbers, and other unique government identification numbers to the data breach law, which has been in place since 2002. Newsom (D) signed the legislation Oct. 11.

Social Security numbers, driver’s license numbers, usernames and passwords, and health information were already covered under the law, which requires businesses and government agencies holding the information to notify consumers about data breaches.

The law requires that businesses use reasonable security practices to protect covered information.

California Attorney General Xavier Becerra (D) sponsored the bill.

“Now, California law will require companies to treat consumers’ passport numbers and unique biometric data with the same security that they would a credit card or Social Security number — if you collect it, you must protect it,” Becerra said.

The new law takes effect Jan. 1, 2020.

To contact the reporter on this story: Laura Mahoney in Sacramento, Calif. at lmahoney@bloomberglaw.com
To contact the editor responsible for this story: Keith Perine at kperine@bloomberglaw.com