The California legislature has enacted a flurry of privacy-related laws over the past few months. Still more bills are pending. This post provides a brief overview of new privacy laws enacted in California in 2013, including measures that will become effective on January 1, 2014. For a more detailed look at some of these key laws, please see our recent client alert.
- S.B. 46 – Amendment to California’s Security Breach Notification Law (effective Jan. 1, 2014). California’s existing breach notification law requires an entity to notify consumers following discovery of a data breach involving the unauthorized acquisition of “personal information.” The law defines “personal information” as an individual’s first name or initial and last name in combination with one or more sensitive data elements, such as Social Security number, financial account number, or medical information. This amendment expands the definition of “personal information” to include “a user name or email address, in combination with a password or security question and answer that would permit access to an online account,” regardless of whether name and/or other sensitive data elements are breached.