Should someone hack or otherwise gain unauthorized access to your business's computer network where you store personal information about your customers, you may be required to disclose this security breach to the affected individuals. Most states have enacted legislation requiring notification of security breaches involving personal information, and these states have a multitude of different requirements about when and how you must notify your customers. Importantly, failure to notify the affected individuals of a security breach may result in significant penalties and other liability for you or your business.
Kronenberger Burgoyne can assist in analyzing a breach under a variety of state laws. Notably, the requirements of California's breach notice law are some of the strictest, and these requirements are placed on any person or business that does business in California - which includes most businesses that operate in the United States over the Internet.
The California Database Security Breach Notification Act (the "Act"), requires those who own, license or maintain computerized data that includes "personal information" to disclose breaches of security in certain circumstances.
Definition of Personal Information under California Law. "Personal information" is any unencrypted information that can be used to identify a person (such as an individual's first name or first initial and last name) in conjunction with any of the following:
• Social Security Number;
• Driver's license number or California identification card number;
• Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account.
Triggering the Duty to Disclose Breach of Security. The Act requires any person or business that owns or licenses computer data including "personal information," and which is conducting business in California, to notify each California resident of a breach of the security of the data if the individual's private information was, or is reasonably believed to have been, acquired by a person without valid authorization. The Act also requires any person or business that maintains (but does not own) computer data including personal information, to notify the owner or licensee of the information (as opposed to the affected individual/California resident) of a breach of the security of the data if the information was, or is reasonably believed to have been, acquired by a person without valid authorization.
In each instance, the Act requires that notifications be made in "the most expedient time possible and without unreasonable delay." Cal. Civ. Code § 1798.82(a).
Businesses that experience breaches of security need to take prompt and decisive action to determine whether they need to notify their
customers and how to provide the notification. Kronenberger Burgoyne would be happy to bring it experience to bear for your company
on this issue of breaches of security. You can call us at 415-955-1155, ext. 120, or you can submit your case through our online case submission form.
Free Online Case Submission |
Internet Law |
Cybersquatting |
Internet Copyright |
Domain Law |
Website Agreements |
Internet Trademark |
Internet Defamation |
Internet Copyright Infringement |
Internet Law Firm Profile |
Internet Attorney Profile |
Internet Litigation |
Contact Us |
Internet Law News & Events |
Internet Law Home Page
Contact: 150 Post Street, Suite 520, San Francisco, CA 94108-4707 (415) 955-1155
Internet Content Distribution | Internet Piracy | Internet False Advertising | Domain Theft | ICANN Arbitrations | Rapid Response Litigation Team | Spam Law | Internet Trademark Infringement | Internet Copyright Infringement | Buy or Sell an Internet Assets | Tech & Services Deals | Anonymous Fraud | Internet Forensics | Click Fraud | Internet Libel | Misappropriation-Right of Publicity | Motion to Quash |
© Kronenberger Burgoyne, LLP 2006
"Pioneering the Internet Law Frontier" is a registered service mark of Kronenberger Burgoyne, LLP. All rights reserved.
Terms of Use |
PRIVACY POLICY