California Amends Its Security Breach Notification Law
Beginning January 1, 2012, any business that is required, under California's security breach notification law, to provide notice to individuals must include in the notice a list of the types of personal information that were the subject of the breach, the date of the breach, a general description of the breach, and toll-free telephone numbers and addresses of the major credit reporting agencies. The amended law also requires businesses that are required to provide notice to more than 500 California residents as the result of a single breach to provide a sample copy of the notice to the Office of the Attorney General. The provision concerning substitute notice (which applies when a business demonstrates that the cost of providing notice would exceed $250,000 or that the affected class exceeds 500,000 individuals or when the business does not have sufficient contact information) has been amended to require, among other things, notice to California's Office of Privacy Protection. Businesses that are in compliance with HIPAA's security breach notification requirements will be deemed to be in compliance with California's law. A copy of Senate Bill 24 is available here. (Please see article below for link.)
Please see full alert below for more information.
Firefox recommends the PDF Plugin for Mac OS X for viewing PDF documents in your browser.
We can also show you Legal Updates using the Google Viewer; however, you will need to be logged into Google Docs to view them.
Please choose one of the above to proceed!
LOADING PDF: If there are any problems, click here to download the file.
