SB 1444, as introduced, Hertzberg. Personal information: privacy: state agencies: mitigation and response plans.
Existing law authorizes an agency, as defined, to maintain in its records only that personal information that is relevant and necessary to accomplish a purpose of the agency, required or authorized by the California Constitution or statute, or mandated by the federal government. Existing law requires each state agency that maintains personal information to establish appropriate and reasonable administrative, technical, and physical safeguards to ensure compliance with law, to ensure the security and confidentiality of records, and to protect against anticipated threats or hazards to the security or integrity of the records that could result in any injury. Existing law requires an agency that owns or licenses computerized data that includes personal information, as defined, to disclose a breach of the security of the system in the most expedient time possible and without unreasonable delay, as specified.
This bill would require a state agency that owns or licenses computerized data that includes personal information to prepare a mitigation and response plan for breach of the database that contains the personal information.
Vote: majority. Appropriation: no. Fiscal committee: yes. State-mandated local program: no.
The people of the State of California do enact as follows:
Section 1798.21 of the Civil Code is amended
[begin delete]Each[end delete] agency shall establish appropriate and reasonable administrative, technical, and physical safeguards to ensure compliance with the provisions of this chapter, to ensure the security and confidentiality of records, and to protect against anticipated threats or hazards to [begin delete]their[end delete] security or integrity [begin delete]which[end delete] could result in any injury.