top of page

California Law on Data Breaches


California law requires businesses and states agencies to notify individuals when their unencrypted data was in fact acquired by an unauthorized person, or if it is reasonable to believe that such a person has accessed the data. See, California Civil Code s. 1798.29(a) and California Civ. Code s. 1798.82(a). A breach involving the data of more than 500 California residents must be reported to the state attorney general. See the online form available here. The form itself should not include PII. The form is not covered by the provisions of the California Public Records Act which requires that law enforcement agencies disclose information if it would not jeopardize ongoing investigations.

The owner of the data must receive immediate notification of the breach. The actual, "Notice of Data Breach,” must be comprised of five sections:

1. What Happened

2. What Information Was Involved

3. What We Are Doing

4. What You Can Do

5. For More Information.

The statute itself includes a model form for businesses to use.

Businesses are required to indicate the estimated date of the breach if it is possible to reach a determination about when the breach occurred. If the business caused the breach it must offer theft prevention and mitigation services for 12 months. Personal information is defined as a person's name when used with any of the following:

1. Social security number

2. Driver's license number

3. Account number

4. Medical information

5. Health insurance information

6. Automated license plate recognition system information.


Recent Posts

See All

Sean O'Shea has more than 20 years of experience in the litigation support field with major law firms in New York and San Francisco.   He is an ACEDS Certified eDiscovery Specialist and a Relativity Certified Administrator.

The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer.

If you have a question or comment about this blog, please make a submission using the form to the right. 

Your details were sent successfully!

© 2015 by Sean O'Shea . Proudly created with Wix.com

bottom of page