State Data Breach Reporting- Example California

Lots of nobel bills become studies and reports when the opposition is vocal. For the last years, the Attorney General of California has released data breach reports.

In 2013, there were 167 breaches reported to the California Attorney General, exposing data of 18.5 Million Californians.

The California Attorney General also makes the following recommendations:  

For the health care industry:

– Use strong encryption to protect medical information on laptops and on other portable devices, and consider encryption for desktop computers.

For the Legislature:

– Consider legislation to amend the breach notice law in order to strengthen the substitute notice procedure; clarify the roles and responsibilities of data owners and data maintainers; and require a final breach report to the Attorney General.
– Consider legislation to provide funding to support system upgrades for small California retailers.
 

Data Breach Legislation History from California:
“In 2003, California was the first state to pass a law (AB 700, Simitian) mandating data breach notifications. This law requires businesses and state agencies to notify Californians when their personal information is compromised in a security breach.

In 2012, companies and state agencies subject to the law were also required, for the first time, to report any breach that involved more than 500 Californians to the Attorney General’s Office. (SB 24, Simitian).” [Lake County News]