California’s SB 1386 was the first law of its type in the United States to do what?
California’s SB 1386 was the first law of its type in the United States to do what?
California’s SB 1386 was the first law in the United States to require commercial entities to disclose a security data breach concerning personal information about the state’s residents. This law mandates that any person or entity that conducts business in California and owns or licenses computerized data that includes personal information must disclose any breach of the security of the system to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.
SB 1386 went into affect on July 1, 2003. Under the law, covered parties must disclose any breach of the security of personal data to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.
What is required or prohibited? This law requires all persons to disclose any breach of system security to any “Resident of California” whose unencrypted personal information was or is reasonably believed to have been acquired by an unauthorized person Why does this law exist? SB 1386 was enacted because security breaches of computerized databases are feared to cause identity theft and individuals should be notified about these breaches so they can take steps to protect themselves. Anyone with a security breach that puts people at real risk of identity the should consider notifying them even if they are not subject to this law.