| Old | New | Differences | |
|---|---|---|---|
| 1 | - | ||
| 1 | + | Amended IN Assembly August 22, 2022 Amended IN Assembly August 15, 2022 Amended IN Senate March 16, 2022 CALIFORNIA LEGISLATURE 20212022 REGULAR SESSION Senate Bill No. 1001Introduced by Senator MinFebruary 14, 2022An act to add and repeal Section 8586.6 of the Government Code, relating to consumer protection.LEGISLATIVE COUNSEL'S DIGESTSB 1001, as amended, Min. California Cybersecurity Integration Center: consumer protection: credit reporting.Existing law establishes the California Cybersecurity Integration Center within the Office of Emergency Services, the primary mission of which is to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or computer networks in the state. Existing law requires the center to serve as the central organizing hub of state governments cybersecurity activities and to coordinate information sharing with local, state, and federal agencies, tribal governments, utilities and other service providers, academic institutions, and nongovernmental organizations.This bill would require the center, by December 31, 2023, 2024, to submit to the Legislature, as specified, a report on the feasibility of, and the potential benefits, risks, and costs of, requiring credit reporting bureaus and lenders to implement new information security tactics that protect consumers from financial fraud, including requiring credit reporting bureaus or lenders to use multifactor authentication each time a new line of credit is opened or a credit report is accessed, and specified tactics related to using alternatives to social security numbers as authenticators.Digest Key Vote: MAJORITY Appropriation: NO Fiscal Committee: YES Local Program: NO Bill TextThe people of the State of California do enact as follows:SECTION 1. Section 8586.6 is added to the Government Code, to read:8586.6. (a) On or before December 31, 2023, 2024, the California Cybersecurity Integration Center shall submit to the Legislature a report on the feasibility of, and the potential benefits, risks, and costs of, requiring credit reporting bureaus and lenders to implement new information security tactics that protect consumers from financial fraud. The report shall include, but not be limited to, an assessment of the feasibility of, and the potential benefits, risks, and costs of, utilizing all of the following tactics:(1) Requiring credit reporting bureaus or lenders to use multifactor authentication each time a new line of credit is opened or a credit report is accessed.(2) Utilization of statewide alternatives to social security numbers as authenticators in determining an individuals identity.(3) Requiring credit reporting bureaus or lenders to accept alternatives to social security numbers as authenticators in determining an individuals identity.(b) (1) A report to be submitted pursuant to subdivision (a) shall be submitted in compliance with Section 9795.(2) Pursuant to Section 10231.5, this section is repealed on January 1, 2027. | |
| 2 | 2 | ||
| 3 | - | ||
| 3 | + | Amended IN Assembly August 22, 2022 Amended IN Assembly August 15, 2022 Amended IN Senate March 16, 2022 CALIFORNIA LEGISLATURE 20212022 REGULAR SESSION Senate Bill No. 1001Introduced by Senator MinFebruary 14, 2022An act to add and repeal Section 8586.6 of the Government Code, relating to consumer protection.LEGISLATIVE COUNSEL'S DIGESTSB 1001, as amended, Min. California Cybersecurity Integration Center: consumer protection: credit reporting.Existing law establishes the California Cybersecurity Integration Center within the Office of Emergency Services, the primary mission of which is to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or computer networks in the state. Existing law requires the center to serve as the central organizing hub of state governments cybersecurity activities and to coordinate information sharing with local, state, and federal agencies, tribal governments, utilities and other service providers, academic institutions, and nongovernmental organizations.This bill would require the center, by December 31, 2023, 2024, to submit to the Legislature, as specified, a report on the feasibility of, and the potential benefits, risks, and costs of, requiring credit reporting bureaus and lenders to implement new information security tactics that protect consumers from financial fraud, including requiring credit reporting bureaus or lenders to use multifactor authentication each time a new line of credit is opened or a credit report is accessed, and specified tactics related to using alternatives to social security numbers as authenticators.Digest Key Vote: MAJORITY Appropriation: NO Fiscal Committee: YES Local Program: NO | |
| 4 | 4 | ||
| 5 | - | ||
| 5 | + | Amended IN Assembly August 22, 2022 Amended IN Assembly August 15, 2022 Amended IN Senate March 16, 2022 | |
| 6 | 6 | ||
| 7 | - | Enrolled September 09, 2022 | |
| 8 | - | Passed IN Senate August 31, 2022 | |
| 9 | - | Passed IN Assembly August 31, 2022 | |
| 10 | 7 | Amended IN Assembly August 22, 2022 | |
| 11 | 8 | Amended IN Assembly August 15, 2022 | |
| 12 | 9 | Amended IN Senate March 16, 2022 | |
| 13 | 10 | ||
| 14 | 11 | CALIFORNIA LEGISLATURE 20212022 REGULAR SESSION | |
| 15 | 12 | ||
| 16 | 13 | Senate Bill | |
| 17 | 14 | ||
| 18 | 15 | No. 1001 | |
| 19 | 16 | ||
| 20 | 17 | Introduced by Senator MinFebruary 14, 2022 | |
| 21 | 18 | ||
| 22 | 19 | Introduced by Senator Min | |
| 23 | 20 | February 14, 2022 | |
| 24 | 21 | ||
| 25 | 22 | An act to add and repeal Section 8586.6 of the Government Code, relating to consumer protection. | |
| 26 | 23 | ||
| 27 | 24 | LEGISLATIVE COUNSEL'S DIGEST | |
| 28 | 25 | ||
| 29 | 26 | ## LEGISLATIVE COUNSEL'S DIGEST | |
| 30 | 27 | ||
| 31 | - | SB 1001, Min. California Cybersecurity Integration Center: consumer protection: credit reporting. | |
| 28 | + | SB 1001, as amended, Min. California Cybersecurity Integration Center: consumer protection: credit reporting. | |
| 32 | 29 | ||
| 33 | - | Existing law establishes the California Cybersecurity Integration Center within the Office of Emergency Services, the primary mission of which is to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or computer networks in the state. Existing law requires the center to serve as the central organizing hub of state governments cybersecurity activities and to coordinate information sharing with local, state, and federal agencies, tribal governments, utilities and other service providers, academic institutions, and nongovernmental organizations.This bill would require the center, by December 31, 2024, to submit to the Legislature, as specified, a report on the feasibility of, and the potential benefits, risks, and costs of, requiring credit reporting bureaus and lenders to implement new information security tactics that protect consumers from financial fraud, including requiring credit reporting bureaus or lenders to use multifactor authentication each time a new line of credit is opened or a credit report is accessed, and specified tactics related to using alternatives to social security numbers as authenticators. | |
| 30 | + | Existing law establishes the California Cybersecurity Integration Center within the Office of Emergency Services, the primary mission of which is to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or computer networks in the state. Existing law requires the center to serve as the central organizing hub of state governments cybersecurity activities and to coordinate information sharing with local, state, and federal agencies, tribal governments, utilities and other service providers, academic institutions, and nongovernmental organizations.This bill would require the center, by December 31, 2023, 2024, to submit to the Legislature, as specified, a report on the feasibility of, and the potential benefits, risks, and costs of, requiring credit reporting bureaus and lenders to implement new information security tactics that protect consumers from financial fraud, including requiring credit reporting bureaus or lenders to use multifactor authentication each time a new line of credit is opened or a credit report is accessed, and specified tactics related to using alternatives to social security numbers as authenticators. | |
| 34 | 31 | ||
| 35 | 32 | Existing law establishes the California Cybersecurity Integration Center within the Office of Emergency Services, the primary mission of which is to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or computer networks in the state. Existing law requires the center to serve as the central organizing hub of state governments cybersecurity activities and to coordinate information sharing with local, state, and federal agencies, tribal governments, utilities and other service providers, academic institutions, and nongovernmental organizations. | |
| 36 | 33 | ||
| 37 | - | This bill would require the center, by December 31, 2024, to submit to the Legislature, as specified, a report on the feasibility of, and the potential benefits, risks, and costs of, requiring credit reporting bureaus and lenders to implement new information security tactics that protect consumers from financial fraud, including requiring credit reporting bureaus or lenders to use multifactor authentication each time a new line of credit is opened or a credit report is accessed, and specified tactics related to using alternatives to social security numbers as authenticators. | |
| 34 | + | This bill would require the center, by December 31, 2023, 2024, to submit to the Legislature, as specified, a report on the feasibility of, and the potential benefits, risks, and costs of, requiring credit reporting bureaus and lenders to implement new information security tactics that protect consumers from financial fraud, including requiring credit reporting bureaus or lenders to use multifactor authentication each time a new line of credit is opened or a credit report is accessed, and specified tactics related to using alternatives to social security numbers as authenticators. | |
| 38 | 35 | ||
| 39 | 36 | ## Digest Key | |
| 40 | 37 | ||
| 41 | 38 | ## Bill Text | |
| 42 | 39 | ||
| 43 | - | The people of the State of California do enact as follows:SECTION 1. Section 8586.6 is added to the Government Code, to read:8586.6. (a) On or before December 31, 2024, the California Cybersecurity Integration Center shall submit to the Legislature a report on the feasibility of, and the potential benefits, risks, and costs of, requiring credit reporting bureaus and lenders to implement new information security tactics that protect consumers from financial fraud. The report shall include, but not be limited to, an assessment of the feasibility of, and the potential benefits, risks, and costs of, utilizing all of the following tactics:(1) Requiring credit reporting bureaus or lenders to use multifactor authentication each time a new line of credit is opened or a credit report is accessed.(2) Utilization of statewide alternatives to social security numbers as authenticators in determining an individuals identity.(3) Requiring credit reporting bureaus or lenders to accept alternatives to social security numbers as authenticators in determining an individuals identity.(b) (1) A report to be submitted pursuant to subdivision (a) shall be submitted in compliance with Section 9795.(2) Pursuant to Section 10231.5, this section is repealed on January 1, 2027. | |
| 40 | + | The people of the State of California do enact as follows:SECTION 1. Section 8586.6 is added to the Government Code, to read:8586.6. (a) On or before December 31, 2023, 2024, the California Cybersecurity Integration Center shall submit to the Legislature a report on the feasibility of, and the potential benefits, risks, and costs of, requiring credit reporting bureaus and lenders to implement new information security tactics that protect consumers from financial fraud. The report shall include, but not be limited to, an assessment of the feasibility of, and the potential benefits, risks, and costs of, utilizing all of the following tactics:(1) Requiring credit reporting bureaus or lenders to use multifactor authentication each time a new line of credit is opened or a credit report is accessed.(2) Utilization of statewide alternatives to social security numbers as authenticators in determining an individuals identity.(3) Requiring credit reporting bureaus or lenders to accept alternatives to social security numbers as authenticators in determining an individuals identity.(b) (1) A report to be submitted pursuant to subdivision (a) shall be submitted in compliance with Section 9795.(2) Pursuant to Section 10231.5, this section is repealed on January 1, 2027. | |
| 44 | 41 | ||
| 45 | 42 | The people of the State of California do enact as follows: | |
| 46 | 43 | ||
| 47 | 44 | ## The people of the State of California do enact as follows: | |
| 48 | 45 | ||
| 49 | - | SECTION 1. Section 8586.6 is added to the Government Code, to read:8586.6. (a) On or before December 31, 2024, the California Cybersecurity Integration Center shall submit to the Legislature a report on the feasibility of, and the potential benefits, risks, and costs of, requiring credit reporting bureaus and lenders to implement new information security tactics that protect consumers from financial fraud. The report shall include, but not be limited to, an assessment of the feasibility of, and the potential benefits, risks, and costs of, utilizing all of the following tactics:(1) Requiring credit reporting bureaus or lenders to use multifactor authentication each time a new line of credit is opened or a credit report is accessed.(2) Utilization of statewide alternatives to social security numbers as authenticators in determining an individuals identity.(3) Requiring credit reporting bureaus or lenders to accept alternatives to social security numbers as authenticators in determining an individuals identity.(b) (1) A report to be submitted pursuant to subdivision (a) shall be submitted in compliance with Section 9795.(2) Pursuant to Section 10231.5, this section is repealed on January 1, 2027. | |
| 46 | + | SECTION 1. Section 8586.6 is added to the Government Code, to read:8586.6. (a) On or before December 31, 2023, 2024, the California Cybersecurity Integration Center shall submit to the Legislature a report on the feasibility of, and the potential benefits, risks, and costs of, requiring credit reporting bureaus and lenders to implement new information security tactics that protect consumers from financial fraud. The report shall include, but not be limited to, an assessment of the feasibility of, and the potential benefits, risks, and costs of, utilizing all of the following tactics:(1) Requiring credit reporting bureaus or lenders to use multifactor authentication each time a new line of credit is opened or a credit report is accessed.(2) Utilization of statewide alternatives to social security numbers as authenticators in determining an individuals identity.(3) Requiring credit reporting bureaus or lenders to accept alternatives to social security numbers as authenticators in determining an individuals identity.(b) (1) A report to be submitted pursuant to subdivision (a) shall be submitted in compliance with Section 9795.(2) Pursuant to Section 10231.5, this section is repealed on January 1, 2027. | |
| 50 | 47 | ||
| 51 | 48 | SECTION 1. Section 8586.6 is added to the Government Code, to read: | |
| 52 | 49 | ||
| 53 | 50 | ### SECTION 1. | |
| 54 | 51 | ||
| 55 | - | 8586.6. (a) On or before December 31, 2024, the California Cybersecurity Integration Center shall submit to the Legislature a report on the feasibility of, and the potential benefits, risks, and costs of, requiring credit reporting bureaus and lenders to implement new information security tactics that protect consumers from financial fraud. The report shall include, but not be limited to, an assessment of the feasibility of, and the potential benefits, risks, and costs of, utilizing all of the following tactics:(1) Requiring credit reporting bureaus or lenders to use multifactor authentication each time a new line of credit is opened or a credit report is accessed.(2) Utilization of statewide alternatives to social security numbers as authenticators in determining an individuals identity.(3) Requiring credit reporting bureaus or lenders to accept alternatives to social security numbers as authenticators in determining an individuals identity.(b) (1) A report to be submitted pursuant to subdivision (a) shall be submitted in compliance with Section 9795.(2) Pursuant to Section 10231.5, this section is repealed on January 1, 2027. | |
| 52 | + | 8586.6. (a) On or before December 31, 2023, 2024, the California Cybersecurity Integration Center shall submit to the Legislature a report on the feasibility of, and the potential benefits, risks, and costs of, requiring credit reporting bureaus and lenders to implement new information security tactics that protect consumers from financial fraud. The report shall include, but not be limited to, an assessment of the feasibility of, and the potential benefits, risks, and costs of, utilizing all of the following tactics:(1) Requiring credit reporting bureaus or lenders to use multifactor authentication each time a new line of credit is opened or a credit report is accessed.(2) Utilization of statewide alternatives to social security numbers as authenticators in determining an individuals identity.(3) Requiring credit reporting bureaus or lenders to accept alternatives to social security numbers as authenticators in determining an individuals identity.(b) (1) A report to be submitted pursuant to subdivision (a) shall be submitted in compliance with Section 9795.(2) Pursuant to Section 10231.5, this section is repealed on January 1, 2027. | |
| 56 | 53 | ||
| 57 | - | 8586.6. (a) On or before December 31, 2024, the California Cybersecurity Integration Center shall submit to the Legislature a report on the feasibility of, and the potential benefits, risks, and costs of, requiring credit reporting bureaus and lenders to implement new information security tactics that protect consumers from financial fraud. The report shall include, but not be limited to, an assessment of the feasibility of, and the potential benefits, risks, and costs of, utilizing all of the following tactics:(1) Requiring credit reporting bureaus or lenders to use multifactor authentication each time a new line of credit is opened or a credit report is accessed.(2) Utilization of statewide alternatives to social security numbers as authenticators in determining an individuals identity.(3) Requiring credit reporting bureaus or lenders to accept alternatives to social security numbers as authenticators in determining an individuals identity.(b) (1) A report to be submitted pursuant to subdivision (a) shall be submitted in compliance with Section 9795.(2) Pursuant to Section 10231.5, this section is repealed on January 1, 2027. | |
| 54 | + | 8586.6. (a) On or before December 31, 2023, 2024, the California Cybersecurity Integration Center shall submit to the Legislature a report on the feasibility of, and the potential benefits, risks, and costs of, requiring credit reporting bureaus and lenders to implement new information security tactics that protect consumers from financial fraud. The report shall include, but not be limited to, an assessment of the feasibility of, and the potential benefits, risks, and costs of, utilizing all of the following tactics:(1) Requiring credit reporting bureaus or lenders to use multifactor authentication each time a new line of credit is opened or a credit report is accessed.(2) Utilization of statewide alternatives to social security numbers as authenticators in determining an individuals identity.(3) Requiring credit reporting bureaus or lenders to accept alternatives to social security numbers as authenticators in determining an individuals identity.(b) (1) A report to be submitted pursuant to subdivision (a) shall be submitted in compliance with Section 9795.(2) Pursuant to Section 10231.5, this section is repealed on January 1, 2027. | |
| 58 | 55 | ||
| 59 | - | 8586.6. (a) On or before December 31, 2024, the California Cybersecurity Integration Center shall submit to the Legislature a report on the feasibility of, and the potential benefits, risks, and costs of, requiring credit reporting bureaus and lenders to implement new information security tactics that protect consumers from financial fraud. The report shall include, but not be limited to, an assessment of the feasibility of, and the potential benefits, risks, and costs of, utilizing all of the following tactics:(1) Requiring credit reporting bureaus or lenders to use multifactor authentication each time a new line of credit is opened or a credit report is accessed.(2) Utilization of statewide alternatives to social security numbers as authenticators in determining an individuals identity.(3) Requiring credit reporting bureaus or lenders to accept alternatives to social security numbers as authenticators in determining an individuals identity.(b) (1) A report to be submitted pursuant to subdivision (a) shall be submitted in compliance with Section 9795.(2) Pursuant to Section 10231.5, this section is repealed on January 1, 2027. | |
| 56 | + | 8586.6. (a) On or before December 31, 2023, 2024, the California Cybersecurity Integration Center shall submit to the Legislature a report on the feasibility of, and the potential benefits, risks, and costs of, requiring credit reporting bureaus and lenders to implement new information security tactics that protect consumers from financial fraud. The report shall include, but not be limited to, an assessment of the feasibility of, and the potential benefits, risks, and costs of, utilizing all of the following tactics:(1) Requiring credit reporting bureaus or lenders to use multifactor authentication each time a new line of credit is opened or a credit report is accessed.(2) Utilization of statewide alternatives to social security numbers as authenticators in determining an individuals identity.(3) Requiring credit reporting bureaus or lenders to accept alternatives to social security numbers as authenticators in determining an individuals identity.(b) (1) A report to be submitted pursuant to subdivision (a) shall be submitted in compliance with Section 9795.(2) Pursuant to Section 10231.5, this section is repealed on January 1, 2027. | |
| 60 | 57 | ||
| 61 | 58 | ||
| 62 | 59 | ||
| 63 | - | 8586.6. (a) On or before December 31, 2024, the California Cybersecurity Integration Center shall submit to the Legislature a report on the feasibility of, and the potential benefits, risks, and costs of, requiring credit reporting bureaus and lenders to implement new information security tactics that protect consumers from financial fraud. The report shall include, but not be limited to, an assessment of the feasibility of, and the potential benefits, risks, and costs of, utilizing all of the following tactics: | |
| 60 | + | 8586.6. (a) On or before December 31, 2023, 2024, the California Cybersecurity Integration Center shall submit to the Legislature a report on the feasibility of, and the potential benefits, risks, and costs of, requiring credit reporting bureaus and lenders to implement new information security tactics that protect consumers from financial fraud. The report shall include, but not be limited to, an assessment of the feasibility of, and the potential benefits, risks, and costs of, utilizing all of the following tactics: | |
| 64 | 61 | ||
| 65 | 62 | (1) Requiring credit reporting bureaus or lenders to use multifactor authentication each time a new line of credit is opened or a credit report is accessed. | |
| 66 | 63 | ||
| 67 | 64 | (2) Utilization of statewide alternatives to social security numbers as authenticators in determining an individuals identity. | |
| 68 | 65 | ||
| 69 | 66 | (3) Requiring credit reporting bureaus or lenders to accept alternatives to social security numbers as authenticators in determining an individuals identity. | |
| 70 | 67 | ||
| 71 | 68 | (b) (1) A report to be submitted pursuant to subdivision (a) shall be submitted in compliance with Section 9795. | |
| 72 | 69 | ||
| 73 | 70 | (2) Pursuant to Section 10231.5, this section is repealed on January 1, 2027. |