
California Increases Data Breach Notification Detail Requirements

California has passed a bill that requires companies to provide more
information to consumers when a data breach occurs. Senate Bill 24
establishes standards for the details to be included in data breach
notifications. It builds on Senate Bill 1386, which required organizations
to notify individuals after a breach of personal information.

The bill also requires companies to send an
electronic copy of the notification to the state attorney general if the breach
affects more than 500 people in the state of California. Senator Simitian said
this bill is the next logical step to ensure consumers have the specific
information they need to protect themselves after a data breach.

The new fraud prevention bill
requires that breach notifications:

  • Be written in plain language;
  • Include the name and contact information
    of the agency breached;
  • Provide a list of the personal
    information reasonably believed to have been subject to the breach;
  • Spell out the date of the breach, the
    estimated date of the breach or the date range within which the breach
    occurred;
  • Specify whether the notification was delayed as a result of a law
    enforcement investigation;
  • Offer a general description of the
    breach incident;
  • Provide toll-free telephone numbers and
    addresses of the major credit reporting agencies, if the breach exposed a
    Social Security number or a driver’s license or California identification
    card number;
  • Include information about what the
    organization has done to protect individuals whose information was
    breached; and
  • Outline steps individuals may take to
    protect themselves.
