Earlier this week, California Governor Jerry Brown signed into law an amendment to California’s breach notice law (S.B. No. 24).  Former Governor Arnold Schwarzenegger vetoed similar legislation in 2008, 2009, and 2010. 

As Inside Privacy noted when the legislation first moved through the California Senate on April 14, the legislation will amend California’s existing security breach notification requirements by:

  • Requiring businesses subject to California’s security breach notification law to send an electronic copy of a breach notification to the California Attorney General, if more than 500 Californians are affected by a single breach;
  • Establishing standard content requirements for data breach notifications to California residents, including the type of information breached, the date of the breach, and a toll-free telephone number of major credit reporting agencies; and
  • Clarifying that a covered entity under the Health Insurance Portability and Accountability Act of 1996 that complies with applicable breach notice requirements will be deemed to comply with the new content requirements for breach notifications in California.

The new law goes into effect January 1, 2012.  It makes California one of more than a dozen states that require notice to state regulators in the event of a breach that triggers notification to individuals, with some variation among the states with respect to the threshold of affected individuals that triggers notice to the regulator.

The bill’s author, California Senator Joe Simitian (D-Palo Alto), was the original sponsor of California’s landmark data breach notification law, first enacted in 2003.  California’s breach notice bill has been amended on prior occasions, including a 2007 amendment that added health information to the type of data that may trigger a notification obligation.

Libbie Canter

Libbie Canter represents a wide variety of multinational companies on privacy, cyber security, and technology transaction issues, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with global privacy laws. She routinely supports clients on their efforts to launch new products and services involving emerging technologies, and she has assisted dozens of clients with their efforts to prepare for and comply with federal and state privacy laws, including the California Consumer Privacy Act and California Privacy Rights Act.

Libbie represents clients across industries, but she also has deep expertise in advising clients in highly-regulated sectors, including financial services and digital health companies. She counsels these companies — and their technology and advertising partners — on how to address legacy regulatory issues and the cutting edge issues that have emerged with industry innovations and data collaborations.