California Expands Notification Requirements for Data BreachesCalifornia Gov. Jerry Brown has signed three bills into law that expand the requirements of California’s data breach notification law, effective January 1, 2016. The new requirements established by the three bills —   A.B. 964, S.B. 570, and S.B. 34 — include a new notification format, clarification on how substitute notice may be provided and an expanded definition of what constitutes a data breach.

Notification Format

A new format for data breach notices requires that the notice be in plain language, use at least 10 pt. type and be titled, “Notice of Data Breach.” In addition, the notice must include the following five headings:

  1. What Happened
  2. What Information Was Involved
  3. What We Are Doing
  4. What You Can Do
  5. For More Information

Substitute Notice

California allows for “substitute notice” when a company must notify more than 500,000 residents or if the cost of a notification would exceed $250,000. The new law outlines how a company may provide substitute notice in California, including email, website posting for a minimum of 30 days and notifying statewide media as well as the California Department of Technology’s Office of Information.

However, if the breach only involves a resident’s username or email address for an online account in combination with the password or security question, then a company may notify the affected resident via email and advise them to change their password and security question.

Expanded Definitions

While California does not require a breach notice that involves encrypted data, the law has never previously defined “encrypted.” This has now been remedied with the following definition:

“Rendered unusable, unreadable, or indecipherable to an unauthorized person through a security technology or methodology generally accepted in the field of information security.”

In addition, the definition of “personal information” has been expanded to include license plate information or information that has been collected via an automated license plate recognition system when that information is associated with an individual’s name.

The attorneys at Glass & Goldberg in California provide high quality, cost-effective legal services and advice for clients in all aspects of commercial compliance, business litigation and transactional law. Call us at (818) 888-2220, send an email inquiry to info@glassgoldberg.com or visit us online at glassgoldberg.com to learn more about the firm and to sign up for future newsletters.

 

Font Resize
Call Now
Directions