- Requires the disclosure and notification of security breaches to any resident of California whose unencrypted personal data has been acquired by an unauthorized entity
- Defines that personal data is an individual´s first initial or name and last name in conjunction with that individual´s social security number, driver´s license number or California identification card number, an account number, credit, or debit card number in combination with any required security code, access code, or password that would permit access to an individual´s financial account.
- Explains delayed notification may be allowed only if law enforcement deems it will compromise an investigation into criminal activity
- Describes the varying accepted methods of notifying affected individuals
The Senate Bill 1386, also known as the California Information Practice Act, requires that any person, business, or governmental agency that conducts business within the state of California and those that license or own any computerized personal information of any California residents, comply with the standards of regulation of data security. As a protection against identity theft, the law further provides information on the standards, regulations, and procedures regarding notification and disclosure of breached security and data privacy of unencrypted information.
|
