MATRIX and others should be aware of this > California Civil Code § 1798.82
California Civil Code § 1798.82: New Duties to Disclose a "Security Breach"
California has revised its business laws to require notification of customers if a "security breach" leads to the disclosure of customers' personal data. The new law is codified as an amendment to California Civil Code § 1798.82 and takes effect on July 1, 2003. It applies to any person or business that conducts business in California if the entity possesses "computerized ... personal information." If a "breach of the security system" occurs, defined as any unauthorized acquisition of personal data, the business must inform affected persons "immediately" unless law enforcement requests a delay. Consumers have a private right of action under the law for injunctive and civil damages relief, but no specific monetary penalties are suggested.
While the California law sets forth several types of notice that will be considered adequate, including written notice, these may be burdensome. Fortunately, the law also provides that notice will be deemed compliant if it is made in a manner specified in a company's existing "information security policy." Businesses, therefore, may wish to specify notification methods in their user agreements or privacy statements. Few businesses currently do so.
Summary
Taken together, the In Re Pharmatrak case and the California law reinforce the importance of the content of privacy statements and ensuring adoption of privacy practices that facilitate compliance with applicable law. Online businesses should periodically review their privacy statements, particularly as their uses of customer data change over time. To take advantage of California Civil Code § 1798.82, businesses should consider adding a clause explaining how legal notices will be disseminated to users if required. The clause need not include the words "security breach" but should be clear and conspicuous. If the business is already subject to federal laws requiring specific security notices, such as the Gramm-Leach-Bliley Act (financial data) or the HIPAA Privacy Rule (medical records), the California notice can accompany one of those items.
Source: Gibson, Dunn & Crutcher, a major LA law firm