5 things to know about California's new statewide data breach notification laws

Three new bills have been signed into law in California to update statewide policy regarding data breach notification.

Here are five things to know about the new laws.

• The first bill, 964, discusses the definition of encrypted data and limitations on acceptable encryption. For the purpose of all provisions covered within the law, data qualified as "encrypted" is unusable and indecipherable to any unauthorized entity that gains access to it.
• "Personal information" can refer to any identifying information about an individual, including Social Security number, medical or health insurance information and anything else not publicly available within government records.
• The second bill, 570, covers formatting changes for data breach notifications. These include the provision all breach notifications must be titled "Notification of Data Breach", be printed no smaller than 10-point type and adhere to the format of a model notification form written into the law.
• The model notification form includes sections for what happened, what information was involved, what steps the organization is taking and what affected individuals can do, in addition to sections for additional information.
• The third bill, 34, expands the definition of personal information to include data collected via automated license plate recognition and imposes requirements on ALPR operators to maintain specified records of accessing ALPR information.

More articles on health IT:

ONC unveils final Interoperability Roadmap: 10 things to know
Florida Health Plan mailing error causes data breach
15 criticisms on the lack of EHR interoperability from an AHA report

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Top 40 Articles from the Past 6 Months