SB 591: California Cybersecurity Integration Center: consumer protection: credit reporting.

Existing law establishes the California Cybersecurity Integration Center within the Office of Emergency Services, the primary mission of which is to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or computer networks in the state. Existing law requires the center to serve as the central organizing hub of state governments cybersecurity activities and to coordinate information sharing with local, state, and federal agencies, tribal governments, utilities and other service providers, academic institutions, and nongovernmental organizations.

This bill would require the center, by December 31, 2025, to submit to the Legislature, as specified, a report on the feasibility of, and the potential benefits, risks, and costs of, requiring credit reporting bureaus and lenders to implement new information security tactics that protect consumers from financial fraud, including requiring credit reporting bureaus or lenders to use multifactor authentication each time a new line of credit is opened or a credit report is accessed, and specified tactics related to using alternatives to social security numbers as authenticators.