A bill introduced by California Assembly member Marc Levine (D-San Rafael) seeks to close a loophole in the state’s current tough data breach notification law which could see breaches of highly sensitive information go unreported.
It would add passport numbers and biometric data to the list of information whose breach triggers a requirement for the individuals to be notified. That list currently covers information such as bank account details, Social Security and driver license numbers, health and insurance information, and passwords.
The bill was prompted by the massive data breach of Marriott’s systems last year, which included the passport numbers of more than 25 million customers. While the other information stolen required notification, the hotel chain could have refrained from notifying the passport holders under current California law.