AB 259: Personal information: privacy.

Existing law requires an agency that owns or licenses computerized data that includes personal information, as defined, to provide notification of any breach in the security of that data to any California resident whose personal information may have been compromised by the breach, as specified. Existing law requires the notification to be written in plain language and contain specified information, including, but not limited to, the agencys contact information and a list of the types of personal information that were or are reasonably believed to have been the subject of the breach.

This bill would additionally require an agency, if the agency was the source of the breach and the breach compromised a persons social security number, drivers license number, or California identification card number, to offer to provide the person with identity theft prevention and mitigation services at no cost for not less than 12 months, as specified.