he California State Legislature can't seem to make up its mind when it comes to protecting consumers' personal financial information.

On one hand, new legislation was passed recently to help stem the rapidly increasing incidences of computer network hacks and identity thefts by holding businesses responsible for maintaining security on their systems.

On the other hand, legislation to control the sharing and selling of consumers' financial information between companies like banks, brokerages or insurance companies has been defeated for the fourth time. The bill would have required these companies to obtain their customers' permission to share their information and given consumers the right to opt out.

A new state law went into effect July 1, 2003 requiring any company that stores data electronically and does business in California to notify customers if "unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person." Companies must warn any California residents in their databases of security breaches to their corporate networks "in the most expedient time possible," with an e-mail or letter.

For example, according to an Associated Press story, when a retailer discovers its credit card numbers have been stolen, it must e-mail customers alerting them to the break-in and the possibility that the hackers might have their account information.

The new law is the first of its kind in the country and is being looked at as a model for legislation in other states. While the California law contrasts with current Bush administration policies on e-commerce and technology issues, federal legislators also are studying it. The law is intended to increase consumers' awareness when their financial information may have been accessed. It will hold executives accountable for computer fraud and make companies with less than adequate systems more open to lawsuits.

The law goes into effect as identity thefts and network break-ins are on the rise. A poll conducted by the FBI and San Francisco-based Computer Security Institute showed that in the past year, out of 530 companies and agencies surveyed, almost half said their systems had been accessed by an unauthorized, internal hacker and that unauthorized outsiders had broken into more than one third of the networks.

According to the Associated Press story, The U.S. Postal Service reports that 50,000 people are victims of fraud or identity theft every year and that the number is increasing. The U.S. Treasury Department says fraudsters generated between $2 billion and $3 billion in losses with stolen credit cards alone.

Not as successful was the fourth attempt in as many years by state Senator Jackie Speier to get the California Financial Privacy Information Act, or SB1, passed into law. The defeated bill would have required financial companies to obtain their customers' permission before they sold or shared information about them to other companies and given consumers the right to opt out of having their data swapped.

Proponents of SB1 faced strong, well-funded opposition from financial services organizations, including Wells Fargo, Bank of America, Citigroup, JPMorgan Chase, Capital One and the California State Assembly Committee on Banking and Finance. Speier cited previous state Senate committee estimates that the trading and sale of personal information is a $900 million-a-year industry, generating profits of $500 million, in California alone.