Today Governor Jerry Brown signed into law an amendment to existing California Civil Code provisions governing notification duties in the event that the security of unencrypted personal data of California residents – including financial, health, and health insurance information – is breached or suspected to be breached. I posted a summary of the new law and its requirements on August 19 so click through or scroll down for the details. A press release from the office of sponsoring state Senator Joseph Simitian (D-Palo Alto) can be reviewed here.
This bill had no formal opponents and moved quickly through the legislative approval process, signaling California legislators’ strong interests in data privacy concerns. The original version of the now amended breach notification law, enacted in 2003, has since inspired 45 similar state laws, and likely influenced the federal health data breach notification duties under HIPAA as amended by HITECH. I expect more developments in the data privacy area that affect benefit plan sponsors, their vendors and brokers, and will keep you updated as they occur.