California Amends Data Breach Notification Law

California has one of the toughest breach notification laws in the country.  Although it is strong on notification, the current law lacks direction on what information to include when issuing a data breach notification.  Senate Bill 24, which was signed by Governor Brown on August 31, 2011 and goes into effect January 1, 2012, amends SB 1386 to include standard, core content when notifying individuals of a data breach.

SB 24 requires certain content in data breach notifications, including a general description of the incident; the type of information breached; the date or date range of the breach; the name and contact information of the reporting agency; and the toll-free telephone numbers and addresses of the major credit reporting agencies, if the breach exposed a Social Security number or a driver’s license.

In addition, SB 24 also mandates the breached agency send an electronic copy of the notification to the California Attorney General if a single breach affects more than 500 Californians.

We have seen many vague and unhelpful notification letters in the news.  I believe the requirements of SB 24 aim to help consumers gain a greater understanding of how to respond and protect themselves against identity theft.

Posted by Mike Fitzpatrick, CEO, NCX Group