CA Data Breach Notification Law

The California Data Breach Notification Bill (SB 24) was signed into law by Governor Jerry Brown, mandating that holders of data notify consumers whose personal data has been breached.

The identity theft protection legislation was authored by California State Senator Joe Simitian (D-Palo Alto), who has been trying to get it signed into law for several years.

Senate Bill 24 gives California consumers increased power to help prevent their identities from being exploited into oblivion.

Due to security breaches, 500 million personal records of consumers nationwide have been exposed over the last six years. Some of the breached records contained Social Security numbers, bank account numbers, credit card numbers or medical information.

Data breaches are an all-too-common way to steal an individual's identity, so California Senate Bill 24 provides increased strength to the state's privacy breach law by mandating the notification of each consumer - including specific details - whose data is compromised.

"Senate Bill 24 is the logical next step to ensure consumers have the specific information they need to protect themselves after a data breach," said Senator Simitian.

"No one likes to get the news that personal information about them has been stolen but, when it happens, people deserve to get the information they need to decide what to do next."

The new California law establishes content for data breach notifications to consumers which must include:

• A description of the breach incident
• What type of personal information was breached
• What time the breach occurred
• Contact information for the major credit reporting agencies in California

SB 24 also requires holders of data to rush a copy of the consumer notification to the California Attorney General if a single breach affects more than 500 Californians.

The California Data Breach Notification Law signed by Governor Jerry Brown takes effect in 2012.