SB 570: Personal information: privacy: breach.

Existing law requires a person or business conducting business in California and any agency, as defined, that owns or licenses computerized data that includes personal information, as defined, to disclose a breach of the security of the system in the most expedient time possible and without unreasonable delay, as specified. Existing law requires a person, business, or agency that is required to issue a security breach notification to meet specific requirements, including that the notification be written in plain language.

This bill would additionally require the security breach notification to be titled Notice of Data Breach and to present the information under prescribed headings. The bill would prescribe a model security breach notification form, as specified.

This bill would incorporate additional changes to Section 1798.29 of the Civil Code proposed by SB 34 and AB 964, that would become operative if this bill and one or both of those bills are enacted and this bill is chaptered last.

This bill also would incorporate additional changes to Section 1798.82 of the Civil Code proposed by SB 34 and AB 964, that would become operative if this bill and one or both of those bills are enacted and this bill is enacted last.