5 things to know about California's new statewide data breach notification laws

Staff -

Three new bills have been signed into law in California to update statewide policy regarding data breach notification.

Here are five things to know about the new laws.

• The first bill, 964, discusses the definition of encrypted data and limitations on acceptable encryption. For the purpose of all provisions covered within the law, data qualified as "encrypted" is unusable and indecipherable to any unauthorized entity that gains access to it.
• "Personal information" can refer to any identifying information about an individual, including Social Security number, medical or health insurance information and anything else not publicly available within government records.
• The second bill, 570, covers formatting changes for data breach notifications. These include the provision all breach notifications must be titled "Notification of Data Breach", be printed no smaller than 10-point type and adhere to the format of a model notification form written into the law.
• The model notification form includes sections for what happened, what information was involved, what steps the organization is taking and what affected individuals can do, in addition to sections for additional information.
• The third bill, 34, expands the definition of personal information to include data collected via automated license plate recognition and imposes requirements on ALPR operators to maintain specified records of accessing ALPR information.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.