63:
22:
165:
277:
Any agency that owns or licenses computerized data that includes personal information shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of
California whose unencrypted personal information was, or is
266:
Enactment of a requirement for notification to any resident of
California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. This requires an agency, person or business that conducts business in California and owns or licenses
318:
The statute does not apply to "encrypted" information. Thus one way to avoid reporting is to encrypt all "personal information." A corporation can also avoid reporting if its data does not contain "personal information" relating to a
California resident.
285:
Corporations with no physical locations in
California are not subject to California law. That SB 1386 would affect an out-of-state corporation is based on the notion of 'quasi in rem' jurisdiction, a notion that the Supreme Court invalidated in
322:"Personal information" means an individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted:
278:
reasonably believed to have been, acquired by an unauthorized person. An out-of-state corporation that has personal information relating to a
California resident would fall under this statute. A question on
332:
Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account.
336:"Personal information" does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records.
80:
35:
268:
127:
274:
The bill mandates various mechanisms and procedures with respect to many aspects of this scenario, subject also to other defined provisions.
99:
106:
282:
would then ensue as to whether an action may be brought in
California to enforce the California resident's rights under the statute.
113:
41:
398:
95:
371:
353:
251:
218:
200:
146:
49:
311:
Was the "personal information" acquired, or is reasonably believed to have been acquired, by an unauthorized person?
175:
418:
84:
120:
250:: civil codes 1798.29, 1798.82 and 1798.84. This was an early example of many future U.S. and international
182:
428:
423:
295:
Corporations can determine whether they are subject to this statute by reviewing the following questions:
403:
73:
267:
computerized 'personal information,' to disclose any breach of security (to any resident whose
235:
247:
8:
288:
279:
239:
412:
255:
315:
A corporation that answers yes to all five of these questions must report.
308:
Was there a "breach of the security" of the data as defined by the statute?
299:
Does their data include "personal information" as defined by the statute?
62:
329:
Driver's license number or
California Identification Card number.
302:
Does that "personal information" relate to a
California resident?
243:
174:
may be in need of reorganization to comply with
Knowledge's
258:
on
February 12, 2002, and became operative July 1, 2003.
372:"Bill Text - SB-1386 Personal information: privacy"
354:"Bill Text - SB-1386 Personal information: privacy"
87:. Unsourced material may be challenged and removed.
410:
254:, it was introduced by California State Senator
185:to make improvements to the overall structure.
305:Was the "personal information" unencrypted?
50:Learn how and when to remove these messages
219:Learn how and when to remove this message
201:Learn how and when to remove this message
147:Learn how and when to remove this message
96:"California Senate Bill 1386" 2002
411:
271:is believed to have been disclosed).
158:
85:adding citations to reliable sources
56:
15:
13:
14:
440:
392:
252:security breach notification laws
31:This article has multiple issues.
163:
61:
20:
72:needs additional citations for
39:or discuss these issues on the
404:The SB 1386 Management Toolkit
364:
346:
1:
339:
7:
261:
10:
445:
376:leginfo.legislature.ca.gov
358:leginfo.legislature.ca.gov
234:was a bill passed by the
326:Social security number.
236:California legislature
419:Computing legislation
248:personal information
232:California S.B. 1386
81:improve this article
429:California statutes
424:Information privacy
183:editing the article
289:Shaffer v. Heitner
238:that amended the
229:
228:
221:
211:
210:
203:
176:layout guidelines
157:
156:
149:
131:
54:
436:
386:
385:
383:
382:
368:
362:
361:
350:
280:minimum contacts
269:unencrypted data
224:
217:
206:
199:
195:
192:
186:
167:
166:
159:
152:
145:
141:
138:
132:
130:
89:
65:
57:
46:
24:
23:
16:
444:
443:
439:
438:
437:
435:
434:
433:
409:
408:
395:
390:
389:
380:
378:
370:
369:
365:
352:
351:
347:
342:
264:
242:regulating the
225:
214:
213:
212:
207:
196:
190:
187:
181:Please help by
180:
168:
164:
153:
142:
136:
133:
90:
88:
78:
66:
25:
21:
12:
11:
5:
442:
432:
431:
426:
421:
407:
406:
401:
399:Text of SB1386
394:
393:External links
391:
388:
387:
363:
344:
343:
341:
338:
334:
333:
330:
327:
313:
312:
309:
306:
303:
300:
263:
260:
240:California law
227:
226:
209:
208:
171:
169:
162:
155:
154:
69:
67:
60:
55:
29:
28:
26:
19:
9:
6:
4:
3:
2:
441:
430:
427:
425:
422:
420:
417:
416:
414:
405:
402:
400:
397:
396:
377:
373:
367:
359:
355:
349:
345:
337:
331:
328:
325:
324:
323:
320:
316:
310:
307:
304:
301:
298:
297:
296:
293:
291:
290:
283:
281:
275:
272:
270:
259:
257:
253:
249:
245:
241:
237:
233:
223:
220:
205:
202:
194:
191:December 2015
184:
178:
177:
172:This article
170:
161:
160:
151:
148:
140:
129:
126:
122:
119:
115:
112:
108:
105:
101:
98: –
97:
93:
92:Find sources:
86:
82:
76:
75:
70:This article
68:
64:
59:
58:
53:
51:
44:
43:
38:
37:
32:
27:
18:
17:
379:. Retrieved
375:
366:
357:
348:
335:
321:
317:
314:
294:
287:
284:
276:
273:
265:
231:
230:
215:
197:
188:
173:
143:
134:
124:
117:
110:
103:
91:
79:Please help
74:verification
71:
47:
40:
34:
33:Please help
30:
256:Steve Peace
413:Categories
381:2019-09-20
340:References
107:newspapers
36:improve it
42:talk page
262:Sections
137:May 2017
244:privacy
121:scholar
123:
116:
109:
102:
94:
128:JSTOR
114:books
100:news
246:of
83:by
415::
374:.
356:.
292:.
45:.
384:.
360:.
222:)
216:(
204:)
198:(
193:)
189:(
179:.
150:)
144:(
139:)
135:(
125:·
118:·
111:·
104:·
77:.
52:)
48:(
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.