California SB 1386 Essay

1156 Words 5 Pages
On July 1, 2003, California enacted an electronic data privacy law to protect residents from one of its fastest growing crimes: identity theft. SB 1386 (Civil Code 1798.29) requires businesses to notify California residents if a security breach results in disclosure of personal electronic data. All businesses are subject to this law regardless of size, location, or operations. Business owners should be aware of the problems associated with identity theft, the steps required to comply with SB 1386, and the preventative measures available.
Identity theft is a significant problem to both citizens and financial institutions. The FTC estimates that over 27.3 million Americans have been the victims of identity theft in the past five years. The
…show more content…
California’s SB 1386 takes the FTC’s efforts one step further by requiring companies to notify California residents when a security lapse has resulted in disclosure of personal information so that immediate action may be taken to mitigate damages. In 2002, the California state employee payroll database was breached. Confidential information about 265,000 employees was available to hackers including names, addresses, bank account numbers, and social security numbers. The data center didn’t notify anyone for several weeks, leaving the employees vulnerable to identity theft longer than necessary. In response, SB 1386 was enacted as a means to ensure that Californians receive prompt notification so they may take immediate steps to protect their personal information.
SB 1386 applies to any business that stores unencrypted personal information of an employee or customer that resides in California. According to the law, personal information means an individual’s name in combination with any one or more of the following elements:
1.     Social security number
2.     Driver’s License number of California Identification Card number
3.     Account number, Credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial
Open Document