California Assembly Bill 1710

Existing law requires a person or business conducting business in California that owns or licenses computerized data that includes personal information, as defined, to disclose, as specified, a breach of the security of the system or data following discovery or notification of the security breach to any California resident whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. Existing law also requires a person or business that maintains computerized data that includes personal information that the person or business does not own to notify the owner or licensee of the information of any breach of the security of the data immediately following discovery, as specified. Existing law requires a person or business required to issue a security breach notification pursuant to these provisions to meet various requirements, including that the security breach notification provide specified information.
This bill would require, with respect to the information required to be included in the notification, if the person or business providing the notification was the source of the breach, that the person or business offer to provide appropriate identity theft prevention and mitigation services, if any, to the affected person at no cost for not less than 12 months if the breach exposed or may have exposed specified personal information.
Existing law requires a business that owns or licenses personal information about a California resident to implement and maintain reasonable security procedures and practices appropriate to the nature of the information, to protect the personal information from unauthorized access, destruction, use, modification, or disclosure.
This bill would expand these provisions to businesses that own, license, or maintain personal information about a California resident, as specified.
Existing law prohibits a person or entity, with specified exceptions, from publicly posting or displaying an individual’s social security number or doing certain other acts that might compromise the security of an individual’s social security number, unless otherwise required by federal or state law.
This bill would also, except as specified, prohibit the sale, advertisement for sale, or offer to sell of an individual’s social security number.
Ian Walters

Compliance Team Manager & Lead Auditor at ecfirst
A Certified CSF Practitioner (HITRUST) and Lead Auditor in ISO 27001 and ISO 9001, Ian conducts compliance audits, information security training, ISO 27001 audits and certification gap analysis, HIPAA compliance assessments, risk assessments and managed compliance service programs.

ecfirst delivers complete end-to-end compliance and information security services across the United States and worldwide. ecfirst training solutions include the gold standard HIPAA credential, Certified HIPAA Professional (CHP), and the world's first compliance and cyber security credential, Certified Security Compliance Specialist (CSCS). Many clients engage ecfirst extensively for its flexible services, which range from on-demand consulting to managed compliance services programs that cover training, policies, remediation, risk assessment, technical vulnerability assessments, penetration testing and much more.