AB 2182: Privacy: personal information: breach: disclosure.

Existing law requires a person or business conducting business in California that owns or licenses computerized data that includes personal information, as defined, to disclose a breach in the security of the data to a resident of California whose encrypted or unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person, as specified. Existing law requires that disclosure to be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.

This bill would instead specify that disclosures be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement or on a rolling basis while taking any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system. would, in the event that a person or business delays full disclosure of the security breach due to the determination of the scope of the breach or the restoration of the reasonable integrity of the data system, require the person or business to disclose as much information as it can, to as many affected residents as it can, and as soon as it can, on a rolling basis.