California Expands Its Privacy Laws Regarding Data Breach Notice

more+
less-

In less than two months, when S.B. 46 becomes effective on January 1, 2014, California will extend its data breach notification requirements to a new area: individual online user accounts. Clients should take note of this significant development. It is a substantial enlargement of the notification burdens that many companies face (in particular, companies that conduct business in California and that own or license computerized data including personal information), and is indicative of, and may prefigure, other jurisdictions’ efforts to update their privacy laws to ensure online privacy in emerging areas.

S.B. 46 Broadens California’s Current Data Breach Notification Requirements Under current California law, a business that owns or licenses computerized “personal information” must “disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.” “Personal information” means “an individual’s first name or first initial and last name” in combination with one or more additional data elements. These data elements include a variety of individual identifiers: social security numbers; driver’s license or state identification card numbers; bank-, credit-, or debit-card numbers (when combined with the account’s access or security code, or password); medical information; and health insurance information. “Personal information” does not include information that is publicly available through federal, state, or local government records...

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

Topics:  Breach Notification Rule, Data Breach, Personally Identifiable Information, Privacy Laws

Published In: General Business Updates, Communications & Media Updates, Consumer Protection Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© King & Spalding | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »