E-TIPS

New California Law Requires Notification of Security Breaches (Senate Bill 1386), Effective 07/01/03

Starting July 1, 2003, security breaches will require any person or business in California to notify any California resident whose information is compromised. Specifically, under this new law, any agency, person or business that conducts business in California and that owns or licenses computerized data that includes personal information is required to disclose any breach in the security of the data to any resident of California whose unencrypted personal information has been compromised.

The Bill defines a “breach of the security of the system” as an “unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by the agency, person or business.” Personal information that triggers the notification requirement of the Bill includes an individual’s first name or first initial and last name combined with one or more of the following pieces of data when either the name or the piece of data is not encrypted:

• Social security number;
• Driver’s license number or California Identification Card number; or
• Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account.

Notice in connection with the security breach must be given “in the most expedient time possible and without unreasonable delay.” The Bill provides for written or electronic notice. Look to future eTips on what you should do as an employer, to be compliant under this new law.