[Dataloss] Suggestion for changing status quo on data losses

Beth Givens bgivens at privacyrights.org
Sat Aug 2 22:07:51 UTC 2008 

FYI, California has a security requirement law on the books. Here's 
the summary, along with a link to the text of the law:
    * 
<http://www.leginfo.ca.gov/cgi-bin/displaycode?section=civ&group=01001-02000&file=1798.80-1798.84>Security 
of Personal Information - Civil Code section 1798.81.5. This law 
requires specified businesses to use safeguards to ensure the 
security of Californians' personal information (defined as name plus 
SSN, driver's license/state ID, financial account number) and to 
contractually require third parties to do the same. It does not apply 
to businesses that are subject to certain other information security laws.
This law is in addition to the security breach notice law, 
implemented in 2003, the first of such laws in the nation:
    * Security Breach Notice - Civil Code sections 
<http://www.leginfo.ca.gov/cgi-bin/displaycode?section=civ&group=01001-02000&file=1798.25-1798.29>1798.29, 
<http://www.leginfo.ca.gov/cgi-bin/displaycode?section=civ&group=01001-02000&file=1798.80-1798.84>1798.82, 
and 1798.84. This law requires a business or a State agency that 
maintains unencrypted computerized data that includes personal 
information, as defined, to notify any California resident whose 
unencrypted personal information was, or is reasonably believed to 
have been, acquired by an unauthorized person. The type of 
information that triggers the notice requirement is an individual's 
name plus one or more of the following: Social Security number, 
driver's license or California Identification Card number, financial 
account numbers, medical information or health insurance information. 
The law's intention is to give affected individuals the opportunity 
to take steps to protect themselves from identity theft. See the 
Office of Privacy Protection's 
<http://www.oispp.ca.gov/consumer_privacy/laws//consumer_privacy/pdf/secbreach.pdf>Recommended 
Practices in relation to this law.

Beth Givens
Privacy Rights Clearinghouse, Director
www.privacyrights.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://attrition.org/pipermail/dataloss/attachments/20080802/e974c36f/attachment.html

More information about the Dataloss mailing list