Jerry Brown, the Governor of California, signed Assembly Bill, 1710, into law on September 30, 2014. The amendment has brought many changes to the existing laws on personal privacy.
Changes to these laws enacted by Assembly Bill 1710 include a medley of provisions. Some of the requirements involve mitigation services and identity theft prevention offered by a company for its customers and users who are victimized by security data breaches.
The state law precludes the sale or promotional advertisement of user social security data. Moreover, the law mandates that businesses ensure the security of personal data of California residents.
The Civil Code Section 1798.81.5 of the California code applies to businesses that are licensed or owned by residents of the state that hold personal identity information in its data systems. Enterprises of this nature must establish and maintain reasonable practices of security privacy, thereby precluding the disclosure, modification or destruction of personal information without authorization. The existing law is amended by the Assembly Bill 1710.
Firms must maintain the personal information of residents to execute security practices and procedures to safeguard information of a personal nature. In the bill, the term “maintain” is not defined. At the same time, the legislation clearly states that the term stipulates that a business firm can only maintain personal information of residents, but it is not licensed to distribute it.
In this context, ‘personal information’ under the existing law is deemed as the first name or initial and last name or other necessary data combined that are not redacted or encrypted. It is not limited to a California identification card number, driver’s license number or social security number.
Though California will be the first state to institute such formal codes in its legislative framework, many firms already practice such security prevention measures as a form of best practices to ensure the security of their customers. The law is also providing provisions for complementary credit monitoring services for a determined period.
Moreover, the amendment will echo comparable solutions advanced by other localities throughout the country with some language modifications. There is a risk that this added legislation may only confuse the matter for businesses rather than create a seamless standard solution for them to follow. This potential risk for ambiguity and confusion, therefore, begs the question why a federal law mandate has not been enacted to ensure proper consumer privacy in the digital age.
California’s concerns about data breaches are similarly the concerns of CertainSafe®. For years, we have been developing cutting edge software specifically designed for the safeguarding of data. Additionally, Secure Cloud Systems® has deep understanding as well as vast experience with payment data and Payment Card Industry (“PCI”) compliance. Our advanced proprietary technology in this area are unmatched.