California Governor Gavin Newsom affixed his signature on bill AB-1130 which revises the data breach notification law in California. The latest bill stretches the meaning of personal information impacting the need to issue notifications to state locals in case of a data breach.
Prior to the new bill, notifications must be issued whenever the driver’s license number, Social Security number, medical data, financial information, or username/passwords of state residents are compromised. With the revision, the compromise of passport numbers, tax ID numbers, military ID numbers, other government ID numbers, or biometric information require the sending of breach notifications.
The law applies to breaches where an unauthorized individual is believed to have gained access to personal information.
The person who introduced bill AB-1130 was California Assemblyman Marc Levine (D) while California Attorney General Xavier Bercerra co-sponsored the bill. Governor Newsom signed the bill on October 11 and enforcement will begin on January 1, 2020.
California Consumer Privacy Act Revisions
Governor Newsom likewise approved the six amendments on the California Consumer Privacy Act (CCPA) giving California residents new privacy protection and more control over the information collected by businesses.
CCPA will become effective on January 1, 2020, though the enforcement of the CCPA requires that the California Attorney General has put out the final rules on CCPA 6 months prior. Attorney General Bercerra has released the initial draft of the rules https://www.oag.ca.gov/privacy/ccpa.
Dates of public hearing were booked from December 2, 2019 to December 6, 2019. The final draft of the rules will be available in spring 2020. CCPA will be enforced on July 1, 2020 or 6 months following the publication of the final regulations, whichever is earlier. Nevertheless, in case the final regulations are publicized from July 1, 2020 to December 31, 2020, CCPA will be enforced only 6 months after the date of publication.
The approved revisions to the CCPA include the following:
- AB-25 – The data gathered from job hunters, employees, officers, directors, business owners, medical staff, and contractors on their first year will not be included in the CCPA.
- AB-874 – “Publicly available information” includes data that is legally publicized from the documents of the federal, state, or local authorities.
- AB-1146 – CCPA does not require vehicle information collected by using a warranty or recall program
- AB-1202 – Data brokers must register with the California Attorney General’s office.
- AB-1355 – The CCPA meaning of personal information is not included in aggregated consumer information and de-identified information.
- AB-1564 – Businesses ought to provide two ways for consumers to contact them unless the business is online-based, where an email address is enough.