Bay State Security Breach – Implications for the Golden State

Broc Romanek recently posted an item from Alan Parness concerning a security breakdown at the Massachusetts Securities Division.  Alan raises an excellent question about whether a state agency would be as forgiving of someone that it regulates.

Privacy would seem to be a very important issue in California.  In fact, the very first article and section of the California Constitution guarantees an "inalienable" right of privacy.  In 1977, the legislature reinforced this right with respect to state agencies by enacting the Information Practices Act of 1977, Civil Code Section 1798 et seq. That act imposes a number of specific obligations and restrictions upon state agencies (including the Department of Corporations) with respect to the collection and disclosure of personal information.  For example, each individual is entitled to inquire and be notified about whether a state agency maintains a record about him or her.  In addition, Government Code Section 11019.9 requires each state agency to adopt a privacy policy.  Here are the privacy policies of the Department of Corporations and the Secretary of State.  In theory, there are significant civil and criminal penalties for violations of the Information Practices Act.

In a future post, I plan to discuss a privacy flaw in at least one of the Department's forms.