California Expands Security Breach Notification Requirements


A new amendment to California’s security breach notification law will raise the stakes for businesses required to give notice of a data security breach affecting California residents. California Senate Bill 24 (“SB 24”), signed by Governor Brown on August 31, 2011, imposes detailed new requirements for the content of security breach notices. Significantly, SB 24 also requires notice to the California Attorney General for larger-scale security breaches.

California’s security breach notification law was the first of its kind to be approved by a state legislature. It requires a person or entity conducting business in California to notify California residents whose unencrypted “personal information” was (or is reasonably believed to have been) acquired by an unauthorized person through a security breach. Notice may be provided in written form, electronic form, or through “substitute notice.”3 SB 24 expands both the requirements regarding content of these notices and the scope of necessary recipients.

SB 24’s provisions will become effective on January 1, 2012.

Please see full article below for more information.

LOADING PDF: If there are any problems, click here to download the file.

Written by:


Morrison & Foerster LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.