California recently amended Civil Code section 1798.82 to include new disclosure requirements that companies owning, retaining or maintaining personal information must implement following a data breach.
The amendment, which was signed into law by Gov. Jerry Brown on September 30, 2014, made three notable changes to California’s existing data breach law:
Extends the disclosure requirements to companies that only maintain the personal information of California consumers. Personal information is defined as the first name or initial and last name of any individual combined with his or her social security number, driver’s license number, California ID number, financial account numbers and access codes, as well as medical information.
Requires immediate notification and mitigation. California businesses are required to notify affected individuals “immediately” if a data breach occurs and provide identity theft prevention and mitigation services to those affected for at least one year at no cost to the consumer.
Prohibits sale of social security numbers. The new amendment now bars the sale, advertising to sell or offer to sell any social security number.
The only California businesses exempt from the disclosure requirements of this amendment are those that are already regulated by the California Financial Information Privacy Act, HIPAA, the HITECH Act, and businesses that are “regulated by state or federal law providing greater protection to personal information than that provided by this section. Compliance with that state or federal law shall be deemed compliance with this section with regard to those subjects.”
The attorneys at Glass & Goldberg in California provide high quality, cost-effective legal services and advice for clients in all aspects of commercial compliance, business litigation and transactional law. Call us at (818) 888-2220, send an email inquiry to firstname.lastname@example.org or visit us online at glassgoldberg.com to learn more about the firm and to sign up for future newsletters.