IT | Security

California Amends Breach Notification Law

By: Absolute Team | 9/9/2011

We try to stay abreast of changes in breach and privacy laws. Though we won't post details here on every new proposed National bill or every small change in State laws, sometimes a change will catch our eye. Today we read about an amendment to the California Breach Notification Law that adds some detail-rich requirements for businesses notifying consumers of a breach.

As of January 1, 2012, breach notifications to California residents will need to be:

  • written in "plain English"
  • include the date of the notice
  • include the date or estimated date of the breach
  • include the types of information likely impacted
  • general description of the breach incident
  • whether notification was delayed as a result of a law enforcement investigation

These requirements up the ante for breach notifications, as many times details on the date of a breach and how it occurred are omitted. This information is crucial for consumers to weigh their options both for privacy and future trust.

These changes apply to companies whose primary business is within California, though it does not address Nation-wide companies. One day we will see one of the many proposed pieces of legislation actually get passed - hopefully soon!