New Law Requires Local Public Agencies in California To Notify Anyone Affected by a Security Breach

Cities, Counties, Special Districts and School Districts Must Now Notify Those Impacted by Security Breaches

Gov. Jerry Brown recently signed Assembly Bill 1149 (AB 1149) and Senate Bill 46 (SB 46) into law, extending the requirements of the state’s information privacy breach notice law to local public agencies and expanding the scope of personal information that prompts a disclosure of a security breach.

California’s security breach notification law requires state agencies and businesses to notify residents when the security of their personal information has been breached. The disclosure must be made as quickly as possible and without unreasonable delay. Previous law did not place similar disclosure requirements on local public agencies. 

AB 1149, however, expands this disclosure requirement to apply to a breach of computerized data that is owned, licensed, or maintained by any county, city, school district, municipal corporation, special district or other local public agency. Further, SB 46 expands the scope of personal information subject to security breach disclosure requirements to include a user name or e-mail address, in combination with a password or security question and answer that permits access to an online account. Both laws take effect on Jan. 1.

Local public agencies will now need to establish a protocol so that they can respond in a timely manner in the event of a data breach. In addition, local public agencies will likely need to file a test claim with the Commission on State Mandates (Commission) to determine whether the mandatory notification requirements constitute state-reimbursable mandates. If the Commission determines that part or all of the notification requirements are state mandates, then local public agencies can apply to the Legislature for reimbursement of costs associated with notification.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Best Best & Krieger LLP | Attorney Advertising
