New Law Requires Local Public Agencies in California To Notify Anyone Affected by a Security Breach

Cities, Counties, Special Districts and School Districts Must Now Notify Those Impacted by Security Breaches

Gov. Jerry Brown recently signed Assembly Bill 1149 (AB 1149) and Senate Bill 46 (SB 46) into law, extending the requirements of the state’s information privacy breach notice law to local public agencies and expanding the scope of personal information that prompts a disclosure of a security breach.

California’s security breach notification law requires state agencies and businesses to notify residents when the security of their personal information has been breached. The disclosure must be made as quickly as possible and without unreasonable delay. Previous law did not place similar disclosure requirements on local public agencies. 

AB 1149, however, expands this disclosure requirement to apply to a breach of computerized data that is owned, licensed, or maintained by  any county, city, school district, municipal corporation, special district or other local public agency. Further, SB 46 expands the scope of personal information subject to security breach disclosure requirements to include a user name or e-mail address, in combination with a password or security question and answer that permits access to an online account. Both laws take effect on Jan. 1. 

Local public agencies will now need to establish a protocol in order to timely respond in the event of a data breach. In addition, local public agencies will likely need to file a test claim with the Commission on State Mandates (Commission) to determine whether the mandatory notification requirements constitute state-reimbursable mandates. If the Commission determines parts or all of the notification requirements are state mandates, then local public agencies can apply to the Legislature for reimbursement of costs associated with notification.

Written by:


Best Best & Krieger LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.