SB 1444 Senate Bill - INTRODUCED

BILL NUMBER: SB 1444	INTRODUCED
	BILL TEXT


INTRODUCED BY   Senator Hertzberg

                        FEBRUARY 19, 2016

   An act to amend Section 1798.21 of the Civil Code, relating to
personal information.


	LEGISLATIVE COUNSEL'S DIGEST


   SB 1444, as introduced, Hertzberg. Personal information: privacy:
state agencies: mitigation and response plans.
   Existing law authorizes an agency, as defined, to maintain in its
records only that personal information that is relevant and necessary
to accomplish a purpose of the agency, required or authorized by the
California Constitution or statute, or mandated by the federal
government. Existing law requires each state agency that maintains
personal information to establish appropriate and reasonable
administrative, technical, and physical safeguards to ensure
compliance with law, to ensure the security and confidentiality of
records, and to protect against anticipated threats or hazards to the
security or integrity of the records that could result in any
injury. Existing law requires an agency that owns or licenses
computerized data that includes personal information, as defined, to
disclose a breach of the security of the system in the most expedient
time possible and without unreasonable delay, as specified.
   This bill would require a state agency that owns or licenses
computerized data that includes personal information to prepare a
mitigation and response plan for breach of the database that contains
the personal information.
   Vote: majority. Appropriation: no. Fiscal committee: yes.
State-mandated local program: no.


THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS:

  SECTION 1.  Section 1798.21 of the Civil Code is amended to read:
   1798.21.   Each   (a)    
Each  agency shall establish appropriate and reasonable
administrative, technical, and physical safeguards to ensure
compliance with the provisions of this chapter, to ensure the
security and confidentiality of records, and to protect against
anticipated threats or hazards to  their   the
 security or integrity  which   of the
records that  could result in any injury. 
   (b) An agency that owns or licenses computerized data that
includes personal information shall prepare a mitigation and response
plan for breach of the database that contains the personal
information.