SACRAMENTO, Calif. — Legislation outlining notification requirements in a data security breach passed out of the California Assembly Judiciary Committee last week and is heading for a hearing in the Business and Professions Committee April 24.

The Data Breach Notification bill (AB 779), authored by Assembly Member Dave Jones, is backed by the California Credit Union League.

The legislative analysis states “it has become clear that a number of entities are simply not adequately protecting consumer personal information in such a way to minimize or mitigate security breaches,” and lists TJ Maxx and other retail establishments as examples.

“Passing out of this important committee in such strong fashion will provide initial momentum for the bill,” California and Nevada Credit Union Leagues' President/CEO Bill Cheney said. “However, it is not without opposition.” A coalition of state associations opposed the legislation, including the California Bankers Association, California Mortgage Bankers Association, as well as the state's financial services, grocers, retailers and restaurant associations.

Under the California Civil Code (Section 1798.82), the owner or licensee of computerized data containing personal information is required to notify consumers if that information is breached, even if they did not cause the breach. When a data breach takes place outside a credit union, the credit union still incurs the financial and member relation's costs of notification. No reimbursement is required and the credit union is not entitled to know where the breach occurred.