New California Law Requires Notification of Security Breaches
(Senate Bill 1386), Effective 07/01/03
Starting July 1, 2003, security breaches will require any person
or business in California to notify any California resident whose
information is compromised. Specifically, under this new law,
any agency, person or business that conducts business in California
and that owns or licenses computerized data that includes personal
information is required to disclose any breach in the security
of the data to any resident of California whose unencrypted personal
information has been compromised.
The Bill defines a “breach of the security of the system”
as an “unauthorized acquisition of computerized data that
compromises the security, confidentiality, or integrity of personal
information maintained by the agency, person or business.”
Personal information that triggers the notification requirement
of the Bill includes an individual’s first name or first
initial and last name combined with one or more of the following
pieces of data when either the name or the piece of data is not
- Social security number;
- Driver’s license number or California Identification
Card number; or
- Account number, credit or debit card number, in combination
with any required security code, access code, or password that
would permit access to an individual’s financial account.
Notice in connection with the security breach must be given
“in the most expedient time possible and without unreasonable
delay.” The Bill provides for written or electronic notice.
Look to future eTips on what you should do as an employer, to
be compliant under this new law.