BreachExchange mailing list archives
Re: Suggestion for changing status quo on data losses
From: Beth Givens <bgivens () privacyrights org>
Date: Sat, 02 Aug 2008 15:07:51 -0700
FYI, California has a security requirement law on the books. Here's the summary, along with a link to the text of the law:

* <http://www.leginfo.ca.gov/cgi-bin/displaycode?section=civ&group=01001-02000&file=1798.80-1798.84> Security of Personal Information - Civil Code section 1798.81.5. This law requires specified businesses to use safeguards to ensure the security of Californians' personal information (defined as name plus SSN, driver's license/state ID, financial account number) and to contractually require third parties to do the same. It does not apply to businesses that are subject to certain other information security laws.

This law is in addition to the security breach notice law, implemented in 2003, the first of such laws in the nation:

* Security Breach Notice - Civil Code sections <http://www.leginfo.ca.gov/cgi-bin/displaycode?section=civ&group=01001-02000&file=1798.25-1798.29> 1798.29, <http://www.leginfo.ca.gov/cgi-bin/displaycode?section=civ&group=01001-02000&file=1798.80-1798.84> 1798.82, and 1798.84. This law requires a business or a State agency that maintains unencrypted computerized data that includes personal information, as defined, to notify any California resident whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The type of information that triggers the notice requirement is an individual's name plus one or more of the following: Social Security number, driver's license or California Identification Card number, financial account numbers, medical information or health insurance information. The law's intention is to give affected individuals the opportunity to take steps to protect themselves from identity theft. See the Office of Privacy Protection's <http://www.oispp.ca.gov/consumer_privacy/laws//consumer_privacy/pdf/secbreach.pdf> Recommended Practices in relation to this law.

Beth Givens
Privacy Rights Clearinghouse, Director
www.privacyrights.org
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss