SB20 didn’t go through because it would have imposed a larger procedure for breach responses; yet, the bill lacked “teeth”.  Most privacy advocates disagree with Governor Schwarzenegger that there weren’t additional consumer benefits.

 BILL NUMBER:  SB 20
  VETOED	DATE: 10/11/2009
To the Members of the California State Senate:
I am returning Senate Bill 20 without my signature.
This bill would require any agency, person, or business that must
issue an information security breach notification pursuant to
existing law to also fulfill certain additional requirements
pertaining to the security breach notification.
California's landmark law on data breach notification has had many
beneficial results.  Informing individuals whose personal information
was compromised in a breach of what their risks are and what they
can do to protect themselves is an important consumer protection
benefit. This bill is unnecessary, however, because there is no
evidence that there is a problem with the information provided to
consumers.  Moreover, there is no additional consumer benefit gained
by requiring the Attorney General to become a repository of breach
notices when this measure does not require the Attorney General to do
anything with the notices.  Since this measure would place
additional unnecessary mandates on businesses without a corresponding
consumer benefit, I am unable to sign this bill.
Sincerely,
Arnold Schwarzenegger