November 15, 2016 - The State of California is making some changes to its data breach notification law. Under the new rules, even breached data that is encrypted may force companies to notify consumers whose data was included in a breach. That's a big change to the law and it is likely to affect the way companies handle data breaches nationwide.
Under the current law, companies that experience a data breach only need to notify consumers when the data isn't encrypted. But the updated law states that notification must take place for encrypted data if the encryption key being used is reasonably thought to have been stolen and its use would result in the stolen data being decrypted.
Because of California's large population, the change is likely to affect companies nationwide. California was the first state in the nation to require data breach notification. Companies quickly found that it was impossible to only notify consumers living in the state in the event of a data breach. In fact, companies that attempted to do this rapidly found themselves mired in publicity nightmares. In the end, most companies that had data breaches in California realized that they had to notify all of their customers about data breaches regardless of which state they lived in.
The updated law takes effect on January 1st.
by Jim Malmberg