Beth Givens, PRC Director
Beginning on July 1, state government agencies as well as companies and nonprofit organizations regardless of geographic location must notify California customers if personal information maintained in computerized data files have been compromised by unauthorized access.
California consumers must be notified when their name is illegitimately obtained from a server or database with other personal information such as their Social Security number, driver's license number, account number, credit or debit card number, or security code or password for accessing their financial account.
Beth Givens, Director of the Privacy Rights Clearinghouse stated, "In the past, companies usually did not notify their customers when their electronic data had been compromised, subsequently leaving them at risk for identity theft or financial fraud. Now individuals can take the appropriate proactive steps to safeguard their financial health when they learn that their information may have been accessed by hackers or unauthorized employees."
According to Givens, many consumers do not find out that their information has been compromised until it is too late, for instance when they are contacted by a collection agency, are denied credit, or when their financial accounts are drained. In most instances, consumers remain in the dark about how their information got into the wrong hands.
Givens continued, "Public disclosure of lax security procedures means unwelcome publicity for government agencies and businesses alike. To avoid the negative backlash from having to notify customers to hacking or dishonest employees, companies are focusing on the importance of protecting personal information. This law mandates good corporate stewardship of customer information, not just for businesses located in California, but for any entity that has personal information about Californians."
The details of this law are covered in California Civil Code Sections 1798.29 and 1798.82, accessible at: