California Strengthens its Data Breach Notification Law
Joseph Lazzarotti writes:
As we suspected, California’s current governor, Edmund G. “Jerry” Brown, Jr. (D), signed into law S.B. 24, which adds some additional protections to the state’s current data breach notification requirements. The champion of this law and its recent enhancements, State Sen. Joe Simitian (D-Palo Alto), has finally succeeded after a number of prior attempts to pass this measure were vetoed by then-Gov. Arnold Schwarzenegger (R).
Summary of Changes
Under S.B. 24, breaches occurring on and after January 1, 2012, that require notification to California residents will have to meet the following additional requirements:
- The notifications themselves will need to satisfy specific content requirements, such as including a description of the type of information breached, time of breach, and toll-free telephone numbers and addresses of the major credit reporting agencies;
- If more than 500 California residents are affected by a single breach, an electronic copy of the breach notification must be send to the California Attorney General;