BreachExchange mailing list archives

Re: Suggestion for changing status quo on data losses


From: Beth Givens <bgivens () privacyrights org>
Date: Sat, 02 Aug 2008 15:07:51 -0700

FYI, California has a security requirement law on the books. Here's the summary, along with a link to the text of the law:

* Security of Personal Information - Civil Code section 1798.81.5 <http://www.leginfo.ca.gov/cgi-bin/displaycode?section=civ&group=01001-02000&file=1798.80-1798.84>. This law requires specified businesses to use safeguards to ensure the security of Californians' personal information (defined as name plus SSN, driver's license/state ID, financial account number) and to contractually require third parties to do the same. It does not apply to businesses that are subject to certain other information security laws.

This law is in addition to the security breach notice law, implemented in 2003, the first of such laws in the nation:

* Security Breach Notice - Civil Code sections 1798.29 <http://www.leginfo.ca.gov/cgi-bin/displaycode?section=civ&group=01001-02000&file=1798.25-1798.29>, 1798.82 <http://www.leginfo.ca.gov/cgi-bin/displaycode?section=civ&group=01001-02000&file=1798.80-1798.84>, and 1798.84. This law requires a business or a State agency that maintains unencrypted computerized data that includes personal information, as defined, to notify any California resident whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The type of information that triggers the notice requirement is an individual's name plus one or more of the following: Social Security number, driver's license or California Identification Card number, financial account numbers, medical information or health insurance information. The law's intention is to give affected individuals the opportunity to take steps to protect themselves from identity theft. See the Office of Privacy Protection's Recommended Practices <http://www.oispp.ca.gov/consumer_privacy/laws//consumer_privacy/pdf/secbreach.pdf> in relation to this law.

Beth Givens
Privacy Rights Clearinghouse, Director
www.privacyrights.org
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
