Senate Bill No. 1444


Introduced by Senator Hertzberg

February 19, 2016


An act to amend Section 1798.21 of the Civil Code, relating to personal information.

LEGISLATIVE COUNSEL’S DIGEST

SB 1444, as introduced, Hertzberg. Personal information: privacy: state agencies: mitigation and response plans.

Existing law authorizes an agency, as defined, to maintain in its records only that personal information that is relevant and necessary to accomplish a purpose of the agency, required or authorized by the California Constitution or statute, or mandated by the federal government. Existing law requires each state agency that maintains personal information to establish appropriate and reasonable administrative, technical, and physical safeguards to ensure compliance with law, to ensure the security and confidentiality of records, and to protect against anticipated threats or hazards to the security or integrity of the records that could result in any injury. Existing law requires an agency that owns or licenses computerized data that includes personal information, as defined, to disclose a breach of the security of the system in the most expedient time possible and without unreasonable delay, as specified.

This bill would require a state agency that owns or licenses computerized data that includes personal information to prepare a mitigation and response plan for breach of the database that contains the personal information.

Vote: majority. Appropriation: no. Fiscal committee: yes. State-mandated local program: no.

The people of the State of California do enact as follows:

SECTION 1. Section 1798.21 of the Civil Code is amended to read:

1798.21. [delete: Each] [insert: (a) Each] agency shall establish appropriate and reasonable administrative, technical, and physical safeguards to ensure compliance with the provisions of this chapter, to ensure the security and confidentiality of records, and to protect against anticipated threats or hazards to [delete: their] [insert: the] security or integrity [delete: which] [insert: of the records that] could result in any injury.

[insert: (b) An agency that owns or licenses computerized data that includes personal information shall prepare a mitigation and response plan for breach of the database that contains the personal information.]

