Published by LawTechie - May 21, 2013 - LawTechie

Late last week the California State Senate passed SB 46, which requires all California entities, both private and governmental, to notify customers upon the discovery of a security breach. The law is similar to HIPAA in its notification requirements when it comes to security breaches affecting companies that store any customer information. The federal HIPAA law applies only to medical service providers that store patient health information, whereas existing California law applies to all entities storing customer data:

Existing law currently requires the groups noted above to notify their clients or customers when they reasonably believe that an unauthorized person has acquired personal information that includes unencrypted social security numbers, driver’s license numbers, medical information, health insurance information and specific financial account information, such as credit card numbers with security codes. Unfortunately, current law does not require similar customer notification when passwords, usernames or security questions / answers are changed.

So it would seem that the newly proposed SB 46 would further extend California’s expansion on HIPAA, requiring data holders to notify customers of a breach regardless of the type of information accessed.

LawTechie is a blog focusing on trends in tech and digital media. Areas covered include intellectual property, cyberlaw, venture capital, transactions and litigation as they relate to the emerging sectors. The blog is edited by the firm's partner Tim Bukher with contributions from the firm's experts in their respective areas of law.

