"What's Changed Under SB 446 Previously, California law required businesses to notify affected individuals of data breaches "without unreasonable delay." Under SB 446, businesses must notify affected individuals within 30 calendar days of discovering or being notified of a data breach. However, the law includes some flexibility to accommodate the practical realities of incident response. Specifically, businesses may delay notification when necessary for legitimate law enforcement purposes or to determine the full scope of the breach and restore the integrity of data systems."
"Governor Gavin Newsom recently signed SB 446 into law, introducing significant changes to California's data breach notification requirements. The bill establishes deadlines for notifying consumers and the state's Attorney General when personal information of California residents has been involved in a data breach. For breaches affecting more than 500 California residents, existing law requires businesses to notify the California Attorney General. SB 446 adds a deadline for those notifications."
SB 446 establishes specific deadlines for data breach notifications in California. Businesses must notify affected California residents within 30 calendar days of discovering or being notified of a data breach. The law permits delaying notification when necessary for legitimate law enforcement purposes or to determine the full scope of the breach and restore system integrity. For breaches affecting more than 500 California residents, businesses must notify the California Attorney General. The Attorney General must be notified within 15 calendar days of notifying affected consumers. The law replaces the prior vague standard of notifying individuals “without unreasonable delay.”
Read at DataBreaches.Net
Unable to calculate read time
Collection
[
|
...
]