What’s SB 1386?




SB 1386 is a California law that requires businesses to notify customers of security breaches that pose a risk to private information. The law aims to ensure businesses take adequate precautions to protect personal data and holds them accountable for its security. A breach requires reporting if there is a reasonable belief that information may have been compromised, and failure to comply may lead to a civil suit. The law covers all organizations, including private businesses, schools, and public offices.

SB 1386, also known as the Security Breach Law, is a California law that regulates how customers are notified of security breaches that pose a risk to the security of private information. The 2003 law is a landmark piece of legislation that amended previous laws in an effort to combat the rising levels of cyber identity theft. SB 1386 requires any business that requests or maintains private information, such as account numbers or driver’s license numbers, to notify California residents of any security breach that poses a reasonable risk to personal data.

Part of the goal of SB 1386 is to ensure that businesses take adequate precautions in protecting private data. Just as a person wouldn’t put valuables in a safe from a company known for poor locks, neither should a person put important personal data in the hands of a company that doesn’t take fair steps to ensure it can’t be stolen and misused for identity theft. Critics suggest that the law unfairly requires the victims of a crime such as hacking, i.e. businesses, to publicly announce their victimization. Proponents, on the other hand, suggest that the real victims are those whose data has been compromised, and that the law prevents companies from preserving their reputation by hiding security breaches that risk employee or customer safety.

While identity theft has long been a criminal activity, the anonymity of the Internet has given thieves a much greater opportunity to use stolen personal data. The law was created in response to law enforcement studies that noted a marked increase in levels of identity theft since the use of computerized and Internet-accessible databases became popular. By holding companies accountable for the security of employee or customer data, SB 1386 took a big step in changing the notion of the value of personal data.

SB 1386 specifically requires three types of companies to notify customers quickly of a breach: those that have employees or customers in California, outsourced companies that work with employees or customers in California, and those that collect and maintain computer information about California residents. The law covers the conduct of all organizations, including private businesses, schools and public offices.

A breach requires reporting if there is a reasonable belief that the information may have been compromised. Qualifying information for a report includes the first and last name or initial and last name of any customer or employee in combination with personal information such as a driver’s license, National Insurance card, bank account number, credit card information, or debit card or security password. If a breach is suspected, any person with a database entry should be promptly notified by email, phone call, letter, or a notice prominently posted on the company’s website. Failure to comply with SB 1386 may lead to a civil suit.



