What Is The California Security Breach Information Act?
The California Security Breach Information Act, SB-1386 is a law enacted by the state of California to safeguard the security of personal information of citizens. According to the law, all organizations responsible for maintaining the security of personal databases should immediately bring any breach to the attention of the authorities.
The Act was enforced on July 1, 2003, to curtail the growing instances of identity theft. It is also referred to as the Database Security Breach Notification Act, Security Breach Law, California’s Database Security Breach Notification Act, California State Bill 1386, Breach Notification Law, Senate Bill 1386 and California Security Breach Information Act, SB 1386. The Act is an effective and important measure adopted to deal with identity theft. The California Database Security Breach Act is applicable to all state agencies, individuals and businesses in California.
The Act is widely applied and even includes those businesses that are not based in California, but have clientele in the state. Personal information includes details such as Social Security Numbers, state ID card numbers, driver’s license details, bank account numbers, credit or debit card numbers and security codes. In addition to notifying customers, the Act also requires disclosure, even if the security breach is merely suspected.
Implications Of The Legislation
Several companies have welcomed the law, however there are a few that have strongly opposed it. The latter believe that notifying a customer about a suspected breach may unnecessarily scare the person. According to these business communities, notifying customers based on a mere suspicion may lead to negative consequences and harm the image of the company involved. Besides, they say, such laws may also encourage hackers, who would be more than happy to trigger customer panic. IT departments of various companies are engaged in identifying ways to combat security breaches. The law also regulates service providers who process sensitive personal information over the Internet.
Measures To Foster Data Security
Many companies that support the law have revised their security structures. Some companies have installed host-based software in an effort to safeguard data security. A week after installation, the software detects any unusual patterns and accordingly impedes any attempt to damage or access the server. There are companies that have also installed computer gateways, to check suspicious or illegal attempts to access personal information of customers.
Notifying Customers
The law clearly mentions the ways in which companies can notify customers about security breaches. Customers can be informed via email, with prior permission. To reach out to a larger database of customers, the law also allows web postings and press coverage.
The Act has raised several questions, and legal experts are contemplating whether a security breach should be brought to the notice of California-based customers only or those of other regions as well. There may be certain customers listed as non-California residents in the company database. If such a customer later moves and becomes a California resident, without the company updating the information, they may fall through the cracks.
Nevertheless, the law protects the majority from security breaches that could cripple the financial health of a person or business. This is why many California businesses have chosen to protect their information and that of their customers with secure document shredding services.
