A recently amended California state law now requires data breach notifications to be sent to residents when encrypted personal data has been breached, Health IT Security reports. While previous versions of Bill No. 2828 only required breach notifications for unencrypted data, Gov. Jerry Brown, D-Calif., approved changes to ensure compromised encrypted data also earns a notification. “In an effort to protect consumers after a data breach, AB 2828 requires businesses and government agencies to notify affected consumers where encrypted personal information is disclosed and there is a reasonable belief that encryption keys or security credentials were also compromised and could render the breached information readable or useable,” California Assemblymember Ed Chau said in a statement. “This bill will allow victims to take the necessary steps to protect themselves from fraud and identity theft before the data is used or sold by the hackers.
If you want to comment on this post, you need to login.