California Hacker Law Takes Effect

Share this content:
A California law takes effect today in which companies that store data electronically and do business in California must warn customers in the state if they suspect that hackers have stolen personal data.

Senate Bill 1386 defines personal information as an individual's first name or initial and last name, with one of the following: Social Security number; driver's license number; state identification number; or credit or debit card account number and security code.

Except when disclosure would impede a criminal investigation, companies must notify consumers "in the most expedient time possible," with an e-mail or letter.

If a hacker gains access to data for 500,000 or more customers, the company may have to notify people through e-mail, a "conspicuous" posting on a Web site and disclosure to a major media outlet.

Meanwhile, U.S. Sen. Dianne Feinstein, D-CA, a senior member on the Judiciary Committee, introduced a bill June 26 that requires businesses or government agencies to notify individuals if a database has been broken into and personal data have been compromised, including Social Security numbers, driver's licenses and credit cards.

The bills seek to help curb the growing problem of identity theft. The Federal Trade Commission said that it received 161,819 reports of identity theft in 2002 alone, according to reports.

The federal bill, the Notification of Risk to Personal Data Act, is modeled partly on the California law. In general, notice would have to be provided to each person whose data were compromised in writing or through e-mail. But there are exceptions.

For example, companies that have developed their own reasonable notification policies get a safe harbor under the bill and are exempted from its notification requirements. In addition, when it is too expensive or impractical, such as when contact information is incomplete, to notify every individual who is harmed, the bill lets entities send out an alternative form of notice called "substitute notice," which includes posting a notice on a Web site or notifying major media.


Next Article in Data/Analytics

Sign up to our newsletters

Company of the Week

We recently were named B2B Magazine's Direct Marketing Agency of the Year, and with good reason: We make real, measureable, positive change happen for our clients. A full-service agency founded in 1974, Bader Rutter expertly helps you get the right message to the right audience at the right time through the right channels. As we engage our clients' audiences along their journey, direct marketing (email, direct mail, phone, SMS) and behavioral marketing (SEM, retargeting, contextual) channels deliver information relevant to the needs of each stage. We are experts at implementing and leveraging marketing technologies such as CRM and marketing automation in order to synchronize sales and marketing communications. Our team of architects and activators plan, execute, measure and adjust in real time to ensure the strategy is working as needed and change things if it's not.

Find out more here »

Career Center

Check out hundreds of exciting professional opportunities available on DMN's Career Center.  
Explore careers in digital marketing, sales, eCommerce, marketing communications, IT, data strategies, and much more. And don't forget to update your resume so employers can contact you privately about job opportunities.

>>Click Here

Relive the 2017 Marketing Hall of Femme

Click the image above