After two vetoes by the previous administration, California Gov. Jerry Brown on Wednesday signed into law SB-24, which updates the state's data breach notification law to specify what information should be included in notification letters and to mandate that notices be written in plain language. According to DLA Piper's Jim Halpert, who outlined the bill on yesterday's Privacy Tracker monthly audio conference, notification letters must include the type(s) of personal information affected, the data or data range of the breach and the date of the notice, among other criteria. Halpert also outlined certain exemptions, such as one for entities that are subject to the HITECH Act.
If you want to comment on this post, you need to login.