1 / 11

California Individual Privacy Senate Bill 1386

California Individual Privacy Senate Bill 1386. Effective July 01, 2003. Content . Requires all institutions and organizations that collect certain personal information to protect it against possible "identity theft."

eljah
Download Presentation

California Individual Privacy Senate Bill 1386

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. California Individual Privacy Senate Bill 1386 Effective July 01, 2003.

  2. Content • Requires all institutions and organizations that collect certain personal information to protect it against possible "identity theft." • If an incident occurs that involves the compromise of personal information, the individuals whose personal information may have been compromised must be notified

  3. Preventive Measures • implementing rigorous policies and controls; • re-architecting the critical infrastructure and/or applications; • elimination of User ID's and Passwords; • use of encryption beyond the network;

  4. Personal Information • First name OR first initial and last name in combination with one or more of the following: • Social security number • Or driver's license number • Or California identification number • Or financial account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account.

  5. Who is effected? • Any business, government or non-profit agency, or individual that stores confidential information about California residents on their computers. • As long as you have a single employee or customer that resides in California, and as long as you store any confidential personal information about that employee or customer on a computer, you will need to comply with SB 1386.

  6. Notification A company may choose to use a Substitute Notice, instead of the direct mail or electronic notice if: • There are more than 500,000 customers or employees to be notified OR • If the cost of disclosure is expected to exceed $250,000

  7. Notification The Substitute Notice consists of using ALL of the following means of communication: • E-mail, if the company/agency has an e-mail address on file; • Posting on a publicly-accessible web-site, if the company/agency maintains one; and • Notification to major statewide media such as newspapers, television and radio.

  8. Enforcement Responsibility • The Attorney General of the State of California, and the Federal Trade Commission have put together comprehensive lists of things to do, which I won't repeat here; their sites can be accessed at http://caag.state.ca.us/idtheft/tips.htm and http://www.consumer.gov/idtheft/ respectively. Go to both these links and follow the instructions given there.

  9. Recent Security Breaches Disclosures • Window smashed, data lost – March 2004 • A thief smashed the rear window of Larry Saltzman's Saab not long ago and stole his gym bag, a gold watch, credit cards, a few hundred dollars and the names, addresses and Social Security numbers of about 95,000 Bay Area residents. • UCLA laptop theft exposes ID info - Nov. 2003 • Representatives of the University of California, Los Angeles, are warning 145,000 blood donors they could be at risk for identity theft due to a stolen university laptop. UCLA's Blood and Platelet Center included the advisory in a letter sent last week to all who donated blood through the organization.

  10. More Examples • http://www.strongauth.com/regulations/sb1386/sb1386Disclosures.html

  11. Interesting Links • UCSB IT Site • Actual Bill - Text • Security Management PDF

More Related