California has adopted a tough new privacy law, with practical ramifications that extend far beyond state boundaries. As of July 1, California became the very first state in the US to require businesses and government offices to notify people if any database that lists personal information experiences a breach in security. On Thursday morning, Adam Rak, manager of government relations for Symantec, a maker of security software, discussed California Senate Bill 1386 (SB 1386), which mandates that companies disclose publicly when customer information stored on their networks has been accessed in any unauthorized manner.
According to the language of the bill, dubbed the California Breach Law: “This bill, operative July 1, 2003, would require a state agency, or a person or business that conducts business in California, that owns or licenses computerized data that includes personal information, as defined, to disclose in specified ways, any breach of the security of the data, as defined, to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.”