What Does This Act Mean for Californians?
With the increasing incidence of identity theft, the state of California has passed a law that essentially protects personal information of its citizens. The California Security Breach Information Act protects citizens by holding businesses and organizations responsible for protecting valuable information. In addition these organizations must report and security breaches to authorities in a timely fashion.
The Act was enforced on July 1, 2003, to curtail the growing instances of identity theft. It is also referred to as the Database Security Breach Notification Act, Security Breach Law, California’s Database Security Breach Notification Act, California State Bill 1386, Breach Notification Law, Senate Bill 1386 and California Security Breach Information Act, SB 1386. The Act is an effective and important measure adopted to deal with identity theft. The California Database Security Breach Act is applicable to all state agencies, individuals and businesses in California.
This Security Breach Information Act applies to businesses throughout California, and even those not based in the state but who have customers in California. Remember, the point of writing this Act was to protect vital information of California citizens, and businesses outside of the state must respond to that. The type of personal data that must be protected includes: credit card numbers, bank account details, driver’s license information, Social Security Numbers, and any other type of secure information. If the protection of any of these types of information is compromised the customer and authorities are to notified immediately.
Repercussions Of The Law
Several companies have welcomed the law, however there are a few that have strongly opposed it. The latter believe that notifying a customer about a suspected breach may unnecessarily scare the person. According to these business communities, notifying customers based on a mere suspicion may lead to negative consequences and harm the image of the company involved. Besides, they say, such laws may also encourage hackers, who would be more than happy to trigger customer panic. IT departments of various companies are engaged in identifying ways to combat security breaches. The law also regulates service providers who process sensitive personal information over the Internet.
How Some Businesses Are Ensuring Security
Many companies that support the law have revised their security structures. Some companies have installed host-based software in an effort to safeguard data security. A week after installation, the software detects any unusual patterns and accordingly impedes any attempt to damage or access the server. There are companies that have also installed computer gateways, to check suspicious or illegal attempts to access personal information of customers.
The law clearly mentions the ways in which companies can notify customers about security breaches. Customers can be informed via email, with prior permission. To reach out to a larger database of customers, the law also allows web postings and press coverage.
The Act has raised several questions, and legal experts are contemplating whether a security breach should be brought to the notice of California-based customers only or those of other regions as well. There may be certain customers listed as non-California residents in the company database. If such a customer later moves and becomes a California resident, without the company updating the information, they may fall through the cracks.
Nevertheless, the law protects the majority from security breaches that could cripple the financial health of a person or business. This is why many California businesses have chosen to protect their information and that of their customers with secure document shredding services.