On September 27, 2013, California Governor Brown signed into law S.B. 46, amending California’s data security breach notification law California Civil Code Section 1798.82. The new law builds upon existing requirements for prompt consumer notification whenever individuals have had their passwords, usernames or security question and answers compromised. It expands the definition of personal information to include, “A user name or email address, in combination with a password or security question and answer that would permit access to an online account.” California Senate Majority Leader Ellen M. Corbett (D-San Leandro), who authored S.B. 46, released a statement in which she said, “SB 46 protects online consumers by ensuring that they are promptly notified if and when their passwords, usernames or security question and answers are compromised or stolen. Many consumers now conduct their day-to-day personal business online, including banking and paying bills, which creates more opportunities for sophisticated cybercriminals to access and steal their personal information. I am grateful that Governor Brown has signed S.B. 46 since it will allow consumers to take steps to minimize potential identity theft and other criminal activity whenever their information is stolen.” The new law will become effective as of January 1, 2014. For more information on S.B. 46, please see our previous blog posting entitled California S.B. 46 Expands Data Breach Notification Law to Include Breaches of User Names and Email Addresses for Online Accounts.
For more detailed information on the new law, please refer to our full-length client advisory entitled
S.B. 46 Adds Notification Requirements for Breaches of an Individual’s User Name or Email Address in Combination with a Password or Security Question and Answer that Permit Access to an Online Account.