[Dataloss] California data-breach law now covers medical information
lyger
lyger at attrition.org
Fri Jan 4 12:52:27 UTC 2008
http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/01/04/BUR6U9000.DTL
California residents must now be notified when their electronic medical
information or health insurance information has been exposed.
AB1298, which took effect Tuesday, expands California's data-breach
notification law to include unencrypted medical histories, information on
mental or physical conditions, and medical treatments and diagnoses.
Also covered under the law are unencrypted insurance policy or subscriber
numbers, any applications for insurance, claims histories and appeals.
The exposed information must include a California resident's name to
require notification but does not need to include Social Security numbers.
The law applies to state agencies and any company that does business with
Californians, even if its headquarters are not in the state.
[...]
More information about the Dataloss
mailing list