{"appState":{"pageLoadApiCallsStatus":true},"articleState":{"article":{"headers":{"creationTime":"2016-09-12T15:58:18+00:00","modifiedTime":"2016-09-12T15:58:18+00:00","timestamp":"2022-09-14T18:15:58+00:00"},"data":{"breadcrumbs":[{"name":"Academics & The Arts","_links":{"self":"https://dummies-api.dummies.com/v2/categories/33662"},"slug":"academics-the-arts","categoryId":33662},{"name":"Study Skills & Test Prep","_links":{"self":"https://dummies-api.dummies.com/v2/categories/33772"},"slug":"study-skills-test-prep","categoryId":33772},{"name":"CISSP","_links":{"self":"https://dummies-api.dummies.com/v2/categories/33777"},"slug":"cissp","categoryId":33777}],"title":"California Security Breach Information Act (SB-1386)","strippedTitle":"california security breach information act (sb-1386)","slug":"california-security-breach-information-act-sb-1386","canonicalUrl":"","seo":{"metaDescription":"Passed in 2003, the California Security Breach Information Act (SB-1386) was the first U.S. state law to require organizations to notify all affected individual","noIndex":0,"noFollow":0},"content":"Passed in 2003, the California Security Breach Information Act (SB-1386) was the first U.S. state law to require organizations to notify all affected individuals \"in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement,\" if their confidential or personal data is lost, stolen, or compromised, unless that data is encrypted.\r\n\r\nThe law is applicable to any organization that does business in the state of California — even a single customer or employee in California. An organization is subject to the law even if it doesn't directly do business in California (for example, if it stores personal information about California residents for another company).\r\n<p class=\"article-tips remember\">Other U.S. states have quickly followed suit, and 46 states, the District of Columbia, Puerto Rico, and the U.S. Virgin Islands now have public disclosure laws. However, these laws aren't necessarily consistent from one state to another, nor are they without flaws and critics.</p>\r\nFor example, until early 2008, Indiana's Security Breach Disclosure and Identity Deception law (HEA 1101) did not require an organization to disclose a security breach \"if access to the [lost or stolen] device is protected by a <em>password</em> [emphasis added] that has not been disclosed.\" Indiana's law has since been amended and is now one of the toughest state disclosure laws in effect, requiring public disclosure unless \"all personal information . . . is protected by encryption.\"\r\n\r\nFinally, a provision in California's and Indiana's disclosure laws, as well as in most other states' laws, allows an organization to avoid much of the cost of disclosure if the cost of providing such notice would exceed $250,000 or if more than 500,000 individuals would need to be notified. Instead, a substitute notice, consisting of e-mail notifications, conspicuous posting on the organization's website, and notification of major statewide media, is permitted.","description":"Passed in 2003, the California Security Breach Information Act (SB-1386) was the first U.S. state law to require organizations to notify all affected individuals \"in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement,\" if their confidential or personal data is lost, stolen, or compromised, unless that data is encrypted.\r\n\r\nThe law is applicable to any organization that does business in the state of California — even a single customer or employee in California. An organization is subject to the law even if it doesn't directly do business in California (for example, if it stores personal information about California residents for another company).\r\n<p class=\"article-tips remember\">Other U.S. states have quickly followed suit, and 46 states, the District of Columbia, Puerto Rico, and the U.S. Virgin Islands now have public disclosure laws. However, these laws aren't necessarily consistent from one state to another, nor are they without flaws and critics.</p>\r\nFor example, until early 2008, Indiana's Security Breach Disclosure and Identity Deception law (HEA 1101) did not require an organization to disclose a security breach \"if access to the [lost or stolen] device is protected by a <em>password</em> [emphasis added] that has not been disclosed.\" Indiana's law has since been amended and is now one of the toughest state disclosure laws in effect, requiring public disclosure unless \"all personal information . . . is protected by encryption.\"\r\n\r\nFinally, a provision in California's and Indiana's disclosure laws, as well as in most other states' laws, allows an organization to avoid much of the cost of disclosure if the cost of providing such notice would exceed $250,000 or if more than 500,000 individuals would need to be notified. Instead, a substitute notice, consisting of e-mail notifications, conspicuous posting on the organization's website, and notification of major statewide media, is permitted.","blurb":"","authors":[{"authorId":9931,"name":"Lawrence C. Miller","slug":"lawrence-c-miller","description":" <p><b>Lawrence C. Miller, CISSP,</b> is a veteran information security professional. He has served as a consultant for multinational corporations and holds many networking certifications.</p> <p><b>Peter H. Gregory, CISSP,</b> is a security, risk, and technology director with experience in SAAS, retail, telecommunications, non-profit, manufacturing, healthcare, and beyond. Larry and Peter have been coauthors of <i>CISSP For Dummies</i> for more than 20 years. ","hasArticle":false,"_links":{"self":"https://dummies-api.dummies.com/v2/authors/9931"}},{"authorId":9180,"name":"Peter H. Gregory","slug":"peter-h-gregory","description":" <p><b>Lawrence C. Miller, CISSP,</b> is a veteran information security professional. He has served as a consultant for multinational corporations and holds many networking certifications.</p> <p><b>Peter H. Gregory, CISSP,</b> is a security, risk, and technology director with experience in SAAS, retail, telecommunications, non-profit, manufacturing, healthcare, and beyond. Larry and Peter have been coauthors of <i>CISSP For Dummies</i> for more than 20 years. ","hasArticle":false,"_links":{"self":"https://dummies-api.dummies.com/v2/authors/9180"}}],"primaryCategoryTaxonomy":{"categoryId":33777,"title":"CISSP","slug":"cissp","_links":{"self":"https://dummies-api.dummies.com/v2/categories/33777"}},"secondaryCategoryTaxonomy":{"categoryId":0,"title":null,"slug":null,"_links":null},"tertiaryCategoryTaxonomy":{"categoryId":0,"title":null,"slug":null,"_links":null},"trendingArticles":null,"inThisArticle":[],"relatedArticles":{"fromBook":[],"fromCategory":[{"articleId":254899,"title":"Assess and Mitigate Vulnerabilities in Embedded Devices","slug":"assess-mitigate-vulnerabilities-embedded-devices","categoryList":["academics-the-arts","study-skills-test-prep","cissp"],"_links":{"self":"https://dummies-api.dummies.com/v2/articles/254899"}},{"articleId":254896,"title":"Assess and Mitigate Vulnerabilities in Mobile Systems","slug":"assess-mitigate-vulnerabilities-mobile-systems","categoryList":["academics-the-arts","study-skills-test-prep","cissp"],"_links":{"self":"https://dummies-api.dummies.com/v2/articles/254896"}},{"articleId":254893,"title":"Assess and Mitigate Vulnerabilities in Web-Based Systems","slug":"assess-mitigate-vulnerabilities-web-based-systems","categoryList":["academics-the-arts","study-skills-test-prep","cissp"],"_links":{"self":"https://dummies-api.dummies.com/v2/articles/254893"}},{"articleId":254889,"title":"Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements","slug":"assess-mitigate-vulnerabilities-security-architectures-designs-solution-elements","categoryList":["academics-the-arts","study-skills-test-prep","cissp"],"_links":{"self":"https://dummies-api.dummies.com/v2/articles/254889"}},{"articleId":254885,"title":"Computer Architecture and the CISSP Exam","slug":"computer-architecture-cissp-exam","categoryList":["academics-the-arts","study-skills-test-prep","cissp"],"_links":{"self":"https://dummies-api.dummies.com/v2/articles/254885"}}]},"hasRelatedBookFromSearch":true,"relatedBook":{"bookId":282563,"slug":"securities-industry-essentials-exam-for-dummies-with-online-practice","isbn":"9781119886853","categoryList":["academics-the-arts","study-skills-test-prep","securities-industry-essentials-exam"],"amazon":{"default":"https://www.amazon.com/gp/product/1119886856/ref=as_li_tl?ie=UTF8&tag=wiley01-20","ca":"https://www.amazon.ca/gp/product/1119886856/ref=as_li_tl?ie=UTF8&tag=wiley01-20","indigo_ca":"http://www.tkqlhce.com/click-9208661-13710633?url=https://www.chapters.indigo.ca/en-ca/books/product/1119886856-item.html&cjsku=978111945484","gb":"https://www.amazon.co.uk/gp/product/1119886856/ref=as_li_tl?ie=UTF8&tag=wiley01-20","de":"https://www.amazon.de/gp/product/1119886856/ref=as_li_tl?ie=UTF8&tag=wiley01-20"},"image":{"src":"https://www.dummies.com/covers/9781119886853.jpg","width":250,"height":350},"title":"Securities Industry Essentials Exam 2023-2024 For Dummies with Online Practice","testBankPinActivationLink":"https://testbanks.wiley.com","bookOutOfPrint":true,"authorsInfo":"\n <p><p><b><b data-author-id=\"8980\">Steven M. Rice</b></b> is a partner and instructor at Empire Stockbroker Training Institute, one of the country’s leading schools for training to the securities industry. Steven is the author of <i>Series 7 Exam For Dummies, SIE Exam For Dummies,</i> and <i>Series 7 Exam: 1001 Practice Questions For Dummies.</i></p>","authors":[{"authorId":8980,"name":"Steven M. Rice","slug":"steven-m-rice","description":" <p><b>Steven M. Rice</b> is a partner and instructor at Empire Stockbroker Training Institute, one of the country’s leading schools for training to the securities industry. Steven is the author of <i>Series 7 Exam For Dummies, SIE Exam For Dummies,</i> and <i>Series 7 Exam: 1001 Practice Questions For Dummies.</i> ","hasArticle":false,"_links":{"self":"https://dummies-api.dummies.com/v2/authors/8980"}}],"_links":{"self":"https://dummies-api.dummies.com/v2/books/282563"}},"collections":[],"articleAds":{"footerAd":"<div class=\"du-ad-region row\" id=\"article_page_adhesion_ad\"><div class=\"du-ad-unit col-md-12\" data-slot-id=\"article_page_adhesion_ad\" data-refreshed=\"false\" \r\n data-target = \"[{"key":"cat","values":["academics-the-arts","study-skills-test-prep","cissp"]},{"key":"isbn","values":[null]}]\" id=\"du-slot-63221a5ef20ba\"></div></div>","rightAd":"<div class=\"du-ad-region row\" id=\"article_page_right_ad\"><div class=\"du-ad-unit col-md-12\" data-slot-id=\"article_page_right_ad\" data-refreshed=\"false\" \r\n data-target = \"[{"key":"cat","values":["academics-the-arts","study-skills-test-prep","cissp"]},{"key":"isbn","values":[null]}]\" id=\"du-slot-63221a5ef262b\"></div></div>"},"articleType":{"articleType":"Articles","articleList":null,"content":null,"videoInfo":{"videoId":null,"name":null,"accountId":null,"playerId":null,"thumbnailUrl":null,"description":null,"uploadDate":null}},"sponsorship":{"sponsorshipPage":false,"backgroundImage":{"src":null,"width":0,"height":0},"brandingLine":"","brandingLink":"","brandingLogo":{"src":null,"width":0,"height":0},"sponsorAd":"","sponsorEbookTitle":"","sponsorEbookLink":"","sponsorEbookImage":{"src":null,"width":0,"height":0}},"primaryLearningPath":"Advance","lifeExpectancy":null,"lifeExpectancySetFrom":null,"dummiesForKids":"no","sponsoredContent":"no","adInfo":"","adPairKey":[]},"status":"publish","visibility":"public","articleId":225437},"articleLoadedStatus":"success"},"listState":{"list":{},"objectTitle":"","status":"initial","pageType":null,"objectId":null,"page":1,"sortField":"time","sortOrder":1,"categoriesIds":[],"articleTypes":[],"filterData":{},"filterDataLoadedStatus":"initial","pageSize":10},"adsState":{"pageScripts":{"headers":{"timestamp":"2024-03-04T05:50:01+00:00"},"adsId":0,"data":{"scripts":[{"pages":["all"],"location":"header","script":"\r\n<script src=\"https://cdn.optimizely.com/js/10563184655.js\"></script>","enabled":false},{"pages":["all"],"location":"header","script":"\r\n<script>var _comscore = _comscore || [];_comscore.push({ c1: \"2\", c2: \"15097263\" });(function() {var s = document.createElement(\"script\"), el = document.getElementsByTagName(\"script\")[0]; s.async = true;s.src = (document.location.protocol == \"https:\" ? \"https://sb\" : \"http://b\") + \".scorecardresearch.com/beacon.js\";el.parentNode.insertBefore(s, el);})();</script><noscript><img src=\"https://sb.scorecardresearch.com/p?c1=2&c2=15097263&cv=2.0&cj=1\" /></noscript>\r\n","enabled":true},{"pages":["all"],"location":"footer","script":"\r\n<script type='text/javascript'>\r\n(function(){var g=function(e,h,f,g){\r\nthis.get=function(a){for(var a=a+\"=\",c=document.cookie.split(\";\"),b=0,e=c.length;b<e;b++){for(var d=c[b];\" \"==d.charAt(0);)d=d.substring(1,d.length);if(0==d.indexOf(a))return d.substring(a.length,d.length)}return null};\r\nthis.set=function(a,c){var b=\"\",b=new Date;b.setTime(b.getTime()+6048E5);b=\"; expires=\"+b.toGMTString();document.cookie=a+\"=\"+c+b+\"; path=/; \"};\r\nthis.check=function(){var a=this.get(f);if(a)a=a.split(\":\");else if(100!=e)\"v\"==h&&(e=Math.random()>=e/100?0:100),a=[h,e,0],this.set(f,a.join(\":\"));else return!0;var c=a[1];if(100==c)return!0;switch(a[0]){case \"v\":return!1;case \"r\":return c=a[2]%Math.floor(100/c),a[2]++,this.set(f,a.join(\":\")),!c}return!0};\r\nthis.go=function(){if(this.check()){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=g;document.body&&document.body.appendChild(a)}};\r\nthis.start=function(){var t=this;\"complete\"!==document.readyState?window.addEventListener?window.addEventListener(\"load\",function(){t.go()},!1):window.attachEvent&&window.attachEvent(\"onload\",function(){t.go()}):t.go()};};\r\ntry{(new g(100,\"r\",\"QSI_S_ZN_5o5yqpvMVjgDOuN\",\"https://zn5o5yqpvmvjgdoun-wiley.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_5o5yqpvMVjgDOuN\")).start()}catch(i){}})();\r\n</script><div id='ZN_5o5yqpvMVjgDOuN'></div>\r\n","enabled":false},{"pages":["all"],"location":"header","script":"\r\n<script>\r\n (function(h,o,t,j,a,r){\r\n h.hj=h.hj||function(){(h.hj.q=h.hj.q||[]).push(arguments)};\r\n h._hjSettings={hjid:257151,hjsv:6};\r\n a=o.getElementsByTagName('head')[0];\r\n r=o.createElement('script');r.async=1;\r\n r.src=t+h._hjSettings.hjid+j+h._hjSettings.hjsv;\r\n a.appendChild(r);\r\n })(window,document,'https://static.hotjar.com/c/hotjar-','.js?sv=');\r\n</script>","enabled":false},{"pages":["article"],"location":"header","script":" <script src=\"//get.s-onetag.com/bffe21a1-6bb8-4928-9449-7beadb468dae/tag.min.js\" async defer></script>","enabled":true},{"pages":["homepage"],"location":"header","script":"<meta name=\"facebook-domain-verification\" content=\"irk8y0irxf718trg3uwwuexg6xpva0\" />","enabled":true},{"pages":["homepage","article","category","search"],"location":"footer","script":"\r\n<noscript>\r\n<img height=\"1\" width=\"1\" src=\"https://www.facebook.com/tr?id=256338321977984&ev=PageView&noscript=1\"/>\r\n</noscript>\r\n","enabled":true}]}},"pageScriptsLoadedStatus":"success"},"navigationState":{"navigationCollections":[{"collectionId":287568,"title":"BYOB (Be Your Own Boss)","hasSubCategories":false,"url":"/collection/for-the-entry-level-entrepreneur-287568"},{"collectionId":293237,"title":"Be a Rad Dad","hasSubCategories":false,"url":"/collection/be-the-best-dad-293237"},{"collectionId":295890,"title":"Career Shifting","hasSubCategories":false,"url":"/collection/career-shifting-295890"},{"collectionId":294090,"title":"Contemplating the Cosmos","hasSubCategories":false,"url":"/collection/theres-something-about-space-294090"},{"collectionId":287563,"title":"For Those Seeking Peace of Mind","hasSubCategories":false,"url":"/collection/for-those-seeking-peace-of-mind-287563"},{"collectionId":287570,"title":"For the Aspiring Aficionado","hasSubCategories":false,"url":"/collection/for-the-bougielicious-287570"},{"collectionId":291903,"title":"For the Budding Cannabis Enthusiast","hasSubCategories":false,"url":"/collection/for-the-budding-cannabis-enthusiast-291903"},{"collectionId":299891,"title":"For the College Bound","hasSubCategories":false,"url":"/collection/for-the-college-bound-299891"},{"collectionId":291934,"title":"For the Exam-Season Crammer","hasSubCategories":false,"url":"/collection/for-the-exam-season-crammer-291934"},{"collectionId":301547,"title":"For the Game Day Prepper","hasSubCategories":false,"url":"/collection/big-game-day-prep-made-easy-301547"}],"navigationCollectionsLoadedStatus":"success","navigationCategories":{"books":{"0":{"data":[{"categoryId":33512,"title":"Technology","hasSubCategories":true,"url":"/category/books/technology-33512"},{"categoryId":33662,"title":"Academics & The Arts","hasSubCategories":true,"url":"/category/books/academics-the-arts-33662"},{"categoryId":33809,"title":"Home, Auto, & Hobbies","hasSubCategories":true,"url":"/category/books/home-auto-hobbies-33809"},{"categoryId":34038,"title":"Body, Mind, & Spirit","hasSubCategories":true,"url":"/category/books/body-mind-spirit-34038"},{"categoryId":34224,"title":"Business, Careers, & Money","hasSubCategories":true,"url":"/category/books/business-careers-money-34224"}],"breadcrumbs":[],"categoryTitle":"Level 0 Category","mainCategoryUrl":"/category/books/level-0-category-0"}},"articles":{"0":{"data":[{"categoryId":33512,"title":"Technology","hasSubCategories":true,"url":"/category/articles/technology-33512"},{"categoryId":33662,"title":"Academics & The Arts","hasSubCategories":true,"url":"/category/articles/academics-the-arts-33662"},{"categoryId":33809,"title":"Home, Auto, & Hobbies","hasSubCategories":true,"url":"/category/articles/home-auto-hobbies-33809"},{"categoryId":34038,"title":"Body, Mind, & Spirit","hasSubCategories":true,"url":"/category/articles/body-mind-spirit-34038"},{"categoryId":34224,"title":"Business, Careers, & Money","hasSubCategories":true,"url":"/category/articles/business-careers-money-34224"}],"breadcrumbs":[],"categoryTitle":"Level 0 Category","mainCategoryUrl":"/category/articles/level-0-category-0"}}},"navigationCategoriesLoadedStatus":"success"},"searchState":{"searchList":[],"searchStatus":"initial","relatedArticlesList":[],"relatedArticlesStatus":"initial"},"routeState":{"name":"Article3","path":"/article/academics-the-arts/study-skills-test-prep/cissp/california-security-breach-information-act-sb-1386-225437/","hash":"","query":{},"params":{"category1":"academics-the-arts","category2":"study-skills-test-prep","category3":"cissp","article":"california-security-breach-information-act-sb-1386-225437"},"fullPath":"/article/academics-the-arts/study-skills-test-prep/cissp/california-security-breach-information-act-sb-1386-225437/","meta":{"routeType":"article","breadcrumbInfo":{"suffix":"Articles","baseRoute":"/category/articles"},"prerenderWithAsyncData":true},"from":{"name":null,"path":"/","hash":"","query":{},"params":{},"fullPath":"/","meta":{}}},"dropsState":{"submitEmailResponse":false,"status":"initial"},"profileState":{"auth":{},"userOptions":{},"status":"success"}}

California Security Breach Information Act (SB-1386)

By: Lawrence C. Miller and Peter H. Gregory and

Updated: 09-12-2016

Securities Industry Essentials Exam 2023-2024 For Dummies with Online Practice

Book image

Explore Book Buy On Amazon

Passed in 2003, the California Security Breach Information Act (SB-1386) was the first U.S. state law to require organizations to notify all affected individuals "in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement," if their confidential or personal data is lost, stolen, or compromised, unless that data is encrypted.

The law is applicable to any organization that does business in the state of California — even a single customer or employee in California. An organization is subject to the law even if it doesn't directly do business in California (for example, if it stores personal information about California residents for another company).

Other U.S. states have quickly followed suit, and 46 states, the District of Columbia, Puerto Rico, and the U.S. Virgin Islands now have public disclosure laws. However, these laws aren't necessarily consistent from one state to another, nor are they without flaws and critics.

For example, until early 2008, Indiana's Security Breach Disclosure and Identity Deception law (HEA 1101) did not require an organization to disclose a security breach "if access to the [lost or stolen] device is protected by a password [emphasis added] that has not been disclosed." Indiana's law has since been amended and is now one of the toughest state disclosure laws in effect, requiring public disclosure unless "all personal information . . . is protected by encryption."

Finally, a provision in California's and Indiana's disclosure laws, as well as in most other states' laws, allows an organization to avoid much of the cost of disclosure if the cost of providing such notice would exceed $250,000 or if more than 500,000 individuals would need to be notified. Instead, a substitute notice, consisting of e-mail notifications, conspicuous posting on the organization's website, and notification of major statewide media, is permitted.

About This Article

This article can be found in the category:

CISSP ,