AB 241: Personal information: privacy: state and local agency breach.

Existing law requires a person or business conducting business in California and any state or local agency, as defined, that owns or licenses computerized data that includes personal information, as defined, to disclose a breach in the security of the data to a resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person in the most expedient time possible and without unreasonable delay, as specified. Existing law requires a person or business, if it was the source of the breach, to offer to provide appropriate identity theft prevention and mitigation services at no cost to the person whose information was or may have been breached if the breach exposed or may have exposed the persons social security number, drivers license number, or California identification card number.

This bill also would require a state or local agency, if it was the source of the breach, to offer to provide appropriate identity theft prevention and mitigation services at no cost to a person whose information was or may have been breached if the breach exposed or may have exposed the persons social security number, drivers license number, or California identification card number.

The bill would make other clarifying and nonsubstantive changes.