 |
| Every Single Face is Deceased - see Clinton Murders |
Civil Code - CIVDIVISION 3. OBLIGATIONS [1427 - 3272.9]
PART 4. OBLIGATIONS ARISING FROM PARTICULAR TRANSACTIONS [1738 - 3273]
TITLE 1.8. PERSONAL DATA [1798 - 1798.78]
CHAPTER 1. Information Practices Act of 1977 [1798 - 1798.78]
ARTICLE 7. Accounting of Disclosures [1798.25 - 1798.29]
1798.29.
( Heading of Division 3 amended by Stats. 1988, Ch. 160, Sec. 14. )
( Part 4 enacted 1872. )
( Title 1.8 added by Stats. 1977, Ch. 709. )
( Chapter 1 added by Stats. 1977, Ch. 709. )
( Article 7 added by Stats. 1977, Ch. 709. )
(a) Any agency that owns or licenses computerized data that includes personal information shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The disclosure shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, as provided in subdivision (c), or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
(b) Any agency that maintains computerized data that includes personal information that the agency does not own shall notify the owner or licensee of the information of any breach of the security of the data immediately following discovery, if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person.
(c) The notification required by this section may be delayed if a law enforcement agency determines that the notification will impede a criminal investigation. The notification required by this section shall be made after the law enforcement agency determines that it will not compromise the investigation.
(d) Any agency that is required to issue a security breach notification pursuant to this section shall meet all of the following requirements:
(1) The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described in paragraph (2) under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
(A) The format of the notice shall be designed to call attention to the nature and significance of the information it contains.
(B) The title and headings in the notice shall be clearly and conspicuously displayed.
(C) The text of the notice and any other notice provided pursuant to this section shall be no smaller than 10-point type.
(D) For a written notice described in paragraph (1) of subdivision (i), use of the model security breach notification form prescribed below or use of the headings described in this paragraph with the information described in paragraph (2), written in plain language, shall be deemed to be in compliance with this subdivision.
No comments:
Post a Comment