As Becerra noted, California was the first state to pass a data breach notification law back in 2003, requiring businesses to disclose if consumers' personal information had been stolen. However, only social security numbers, driver's license numbers, credit card numbers and medical and health insurance data are considered "personal information" under its rules.
While Starwood Hotels disclosed the security breach, other companies might not be as forthcoming when they're not legally required to divulge a hack based on what was stolen. That's why this bill aims to update the law in order to add passport numbers and biometric information, such as fingerprints and iris scans, to the list of recognized personal information. Passport numbers are government-issued identifiers, after all, and a bad actor could use them to steal a person's identity via social engineering or to commit fraud.
The Attorney General said in a statement:
"Knowledge is power, and all Californians deserve the power to take action if their passport numbers or biometric data have been accessed without authorization. We are grateful to Assemblymember Levine for introducing this bill to improve our state's data breach notification law and better protect the personal data of California consumers. AB 1130 closes a gap in California law and ensures that our state remains the nation's leader in data privacy and protection."