Secure Data Portal

California's Data Breach Notification Law

What is CA SB 1386 about?

Effective July 1, 2003, CA Senate Bill 1386 requires every public or private agency that conducts business in California to notify affected individuals when there is a security breach of an electronic database containing the personal information of any California resident. Section 2 (d) states that breach of the security of the system means “unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by the person or business”.

The statute defines personal information as a first name or first initial and last name in combination with one or more of the following: social security number; driver’s license number or California Identification Card number; or account number, credit card number or debit card number together with any required security code, access code or password that would permit access to an individual’s financial account. The purpose of the bill is to protect against identity theft. It was expanded in 2008 by Assembly Bill 1298 to bring medical records and health insurance information under the umbrella of “personal information” as well. This law applies to all businesses maintaining medical information, even if they are not health care providers under the Confidentiality of Medical Information Act (CMIA).

Why does it matter?

California’s data breach notification law was the first in the nation. Since then, it has inspired similar laws in over 40 other states, the exceptions being Alabama, Kentucky, Mississippi, Missouri, New Mexico and South Dakota. So unless you do business only with residents of these few states, chances are that a data breach notification law applies to you.

This is important because the law applies to all public and private sector entities that conduct business with California residents, even if the business is headquartered in a state other than California. In other words, if your company has any customer or employee residing in the state of California, then you are affected. Violation of the law can lead to civil lawsuits: Civil Code Sec. 1798.84 states that “any customer injured by a violation of this act may institute a civil action to recover damages”.

See the full text of CA SB 1386 here.

EasyDocEx combines cutting-edge security technology, best practices and a team of certified senior-level professionals to help ensure the security of your data. Using state-of-the-art traffic profiling and anomaly detection capabilities, we manage and secure our networks, pinpoint and troubleshoot network attacks, monitor our servers and applications, and analyze network security performance issues. Multiple layers of security (known as Defense in Depth) allow elevated levels of control for maintenance personnel without compromising security, including private network circuits for systems management and data duplication for disaster recovery.

EasyDocEx uses the Secure Sockets Layer (SSL) protocol with 256-bit encryption to protect personal information sent or received through the EasyDocEx system, and complies with Federal Information Processing Standard (FIPS) 140-2, Security Requirements for Cryptographic Modules. This protocol is supported in the latest versions of the most popular web browsers, such as Firefox 3.0 and Microsoft's Internet Explorer. To ensure that all web browsers receive the greatest level of security, EasyDocEx uses Server Gated Cryptography (SGC). Server Gated Cryptography provides the ability to 'up-rate' older browsers that are only capable of weak 40-bit or 128-bit encryption to 256-bit encryption.