Last week, California governor Jerry Brown signed into law SB 24 which updates California's existing data breach notification law (SB 1386) by adding new requirements for data breach notices sent to affected California residents. The bill was sponsored by State Senator Joe Simitian, whose office provided a fact sheet
summarizing the bill's main points:
- Establishes standard, core content -- such as the type of information breached, time of breach, and toll-free telephone numbers and addresses of the major credit reporting agencies -- for security breach notices in California;
- Requires public agencies, businesses, and persons subject to California’s security breach notification law, if more than 500 California residents are affected by a single breach, to send an electronic copy of the breach notification to the Attorney General; and,
- Requires public agencies, businesses and persons subject to California’s security breach notification law, if they are utilizing the substitute notice provisions in current law, to also provide that notification to the Office of Information Security or the Office of Privacy Protection, as applicable.
Labels: California, Data Breach Notification