BreachExchange mailing list archives

New Law Requires Local Public Agencies in California To Notify Anyone Affected by a Security Breach


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 4 Oct 2013 23:39:48 -0600

http://www.bbklaw.com/?t=40&an=24651&format=xml

Gov. Jerry Brown recently signed Assembly Bill 1149 (AB 1149) and Senate
Bill 46 (SB 46) into law, extending the requirements of the state’s
information privacy breach notice law to local public agencies and
expanding the scope of personal information that prompts a disclosure of a
security breach.

California’s security breach notification law requires state agencies and
businesses to notify residents when the security of their personal
information has been breached. The disclosure must be made as quickly as
possible and without unreasonable delay. Previous law did not place similar
disclosure requirements on local public agencies.

AB 1149, however, expands this disclosure requirement to apply to a breach
of computerized data that is owned, licensed, or maintained by any county,
city, school district, municipal corporation, special district or other
local public agency. Further, SB 46 expands the scope of personal
information subject to security breach disclosure requirements to include a
user name or e-mail address, in combination with a password or security
question and answer that permits access to an online account. Both laws
take effect on Jan. 1.

Local public agencies will now need to establish a protocol in order to
timely respond in the event of a data breach. In addition, local public
agencies will likely need to file a test claim with the Commission on State
Mandates (Commission) to determine whether the mandatory notification
requirements constitute state-reimbursable mandates. If the Commission
determines parts or all of the notification requirements are state
mandates, then local public agencies can apply to the Legislature for
reimbursement of costs associated with notification.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
