web analytics

California Amends Data Breach Notification Law to Require Notification of Breach of Encrypted Personal Information When Encryption Key Has Been Leaked

California Amends Data Breach Notification Law to Require Notification of Breach of Encrypted Personal Information When Encryption Key Has Been Leaked

By Tiffany Quach on November 8, 2016 | Proskauer

“On September 13, 2016, California Governor Jerry Brown signed into law AB 2828, an amendment to the law that requires businesses to disclose data breaches to California residents whose personal information has been compromised.

Currently, the law requires notification of a breach when a California resident’s unencrypted personal information is compromised. However, effective January 1, 2017, the amended law requires notification of a security breach when (a) there is unauthorized acquisition of both encrypted personal information and the encryption key or security credential, and (b) the business has a reasonable belief that the encryption key or security credential could render such personal information readable or useable.”

MORE

Next Post Previous Post

Comments are closed.