California Disclosure Law Has National Reach

from the what-goes-in-California-goes-everywhere dept

Here’s an interesting discussion concerning the new California anti-identity theft legislation that requires companies to admit when there was a security breach. It seems that this California law will impact any business with customers in California – meaning, just about any online business. This could bring up some more internet jurisdiction questions (as if we need some more). The article also points out what they call the “ROT13 loophole”, which basically says that you don’t have disclose a security breach if “encryption” is used – but gives no indication how strong the encryption needs to be. It would be fun to see companies implementing incredibly weak (useless) encryption for their databases, not to satisfy any justifiable business need, but to protect them from having to disclose any security breaches.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...