Bill Text: CA SB1001 | 2021-2022 | Regular Session | Amended

California Senate Bill 1001 (Prior Session Legislation)

NOTE: There are more recent revisions of this legislation. Read Latest Draft

Bill Title: California Cybersecurity Integration Center: consumer protection: credit reporting.

Spectrum: Partisan Bill (Democrat 1-0)

Status: (Vetoed) 2022-09-23 - In Senate. Consideration of Governor's veto pending. [SB1001 Detail]

Download: California-2021-SB1001-Amended.html

Amended IN Senate March 16, 2022

CALIFORNIA LEGISLATURE— 2021–2022 REGULAR SESSION

Senate Bill

No. 1001

Introduced by Senator Min

February 14, 2022

An act to ~~amend Section 530.7 of the Penal~~ add and repeal Section 8586.6 of the Government Code, relating to ~~identity theft.~~ consumer protection.

LEGISLATIVE COUNSEL'S DIGEST

SB 1001, as amended, Min. ~~Identity theft: database.~~ California Cybersecurity Integration Center: consumer protection: credit reporting.

Existing law establishes the California Cybersecurity Integration Center within the Office of Emergency Services, the primary mission of which is to reduce the likelihood and severity of cyber incidents that could damage California’s economy, its critical infrastructure, or computer networks in the state. Existing law requires the center to serve as the central organizing hub of state government’s cybersecurity activities and to coordinate information sharing with local, state, and federal agencies, tribal governments, utilities and other service providers, academic institutions, and nongovernmental organizations.
This bill would require the center, by December 31, 2023, to submit to the Legislature, as specified, a report on the feasibility and benefits of requiring credit reporting bureaus and lenders to implement new information security tactics that protect consumers from financial fraud, including requiring credit reporting bureaus or lenders to use multifactor authentication each time a new line of credit is opened or a credit report is accessed, and specified tactics related to using alternatives to social security numbers as authenticators.
Existing law requires the Department of Justice to establish and maintain a database of individuals who have been victims of identity theft and to provide a victim of identity theft, or their authorized representative, access to the database in order to establish that the individual has been a victim of identity theft.
~~This bill would make technical, nonsubstantive changes to that provision.~~

Vote: MAJORITY Appropriation: NO Fiscal Committee: NOYES Local Program: NO

The people of the State of California do enact as follows:

SECTION 1.

Section 8586.6 is added to the Government Code, to read:

8586.6.
(a) On or before December 31, 2023, the California Cybersecurity Integration Center shall submit to the Legislature a report on the feasibility and benefits of requiring credit reporting bureaus and lenders to implement new information security tactics that protect consumers from financial fraud. The report shall include, but not be limited to, an assessment of the feasibility and benefits of utilizing all of the following tactics:
(1) Requiring credit reporting bureaus or lenders to use multifactor authentication each time a new line of credit is opened or a credit report is accessed.
(2) Utilization of statewide alternatives to social security numbers as authenticators in determining an individual’s identity, including a Social Security Number Plus (SSN+), a mobile driver’s license, or other proposals that may be promising.
(3) Requiring credit reporting bureaus or lenders to accept alternatives to social security numbers as authenticators in determining an individual’s identity.
(b) (1) A report to be submitted pursuant to subdivision (a) shall be submitted in compliance with Section 9795.
(2) Pursuant to Section 10231.5, this section is repealed on January 1, 2027.

SECTION 1.Section 530.7 of the Penal Code is amended to read:
530.7.
(a)In order for a victim of identity theft to be included in the database established pursuant to subdivision (c), they shall submit to the Department of Justice a court order obtained pursuant to any law, a full set of fingerprints, and any other information prescribed by the department.
(b)Upon receiving information pursuant to subdivision (a), the Department of Justice shall verify the identity of the victim against any driver’s license or other identification record maintained by the Department of Motor Vehicles.
(c)The Department of Justice shall establish and maintain a database of individuals who have been victims of identity theft. The department shall provide a victim of identity theft or their authorized representative access to the database in order to establish that the individual has been a victim of identity theft. Access to the database shall be limited to criminal justice agencies, victims of identity theft, and individuals and agencies authorized by the victims.
~~(d)The Department of Justice shall establish and maintain a toll-free telephone number to provide access to information under subdivision (c).~~