California Amends Data Breach Notification Law to Require Notification of Breach of Encrypted Personal Information When Encryption Key Has Been Leaked

more+
less-

On September 13, 2016, California Governor Jerry Brown signed into law AB 2828, an amendment to the law that requires businesses to disclose data breaches to California residents whose personal information has been compromised.

Currently, the law requires notification of a breach when a California resident’s unencrypted personal information is compromised. However, effective January 1, 2017, the amended law requires notification of a security breach when (a) there is unauthorized acquisition of both encrypted personal information and the encryption key or security credential, and (b) the business has a reasonable belief that the encryption key or security credential could render such personal information readable or useable.

Encryption is the conversion of data into a form that is unreadable to an unauthorized person. The California law defines “encryption key” as the confidential key or process designed to render the data readable.

The law is applicable to all persons and businesses that own or license computerized data and conduct business in California, as well as state agencies that own or license computerized data.

California was the first state in the U.S. to require notification of security breaches (its law became effective in 2003). California last amended its data breach notification law in October 2015 to define “encrypted,” as well as expand the definition of “personal information” and update the requirements for a security breach notification letter.

[View source.]


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Proskauer - Privacy & Data Security | Attorney Advertising

Written by:

more+
less-

Proskauer - Privacy & Data Security on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×
Loading...
×
×