SACRAMENTO — In an effort to close a loophole in California's data breach notification law, the state's attorney general, along with a state assembly member have proposed legislation that would required businesses to give notice to customers if their passport numbers and "biometric information" have been compromised.
AB 1130, proposed by California Attorney General Xavier Becerra and Assemblyman Marc Levine, would update current state law on breach notification to include passport numbers as "personal information," according to the Attorney General's Office.
“Knowledge is power, and all Californians deserve the power to take action if their passport numbers or biometric data have been accessed without authorization,” Becerra said in a statement. "AB 1130 closes a gap in California law and ensures that our state remains the nation’s leader in data privacy and protection."
“There is a real danger when our personal information is not protected by those we trust,” Levine added. “Businesses must do more to protect personal data, and I am proud to stand with Attorney General Becerra in demanding greater disclosure by a company when a data breach has occurred. AB 1130 will increase our efforts to protect consumers from fraud and affirms our commitment to demand the strongest consumer protections in the nation.”
The proposed bill stems from a 2018 data breach experienced by Marriott during which the guest database from its Starwood Hotels revealed more than 327 million records, including more than 25 million passport numbers, according to Becerra's office.