Bill Summary – FastDemocracy

(1) Existing law defines and regulates the use of personal information by businesses. Existing law requires a person or business, as defined, that owns or licenses computerized data that includes personal information to disclose, as specified, any breach of the security of the system following discovery or notification of the breach. Existing law requires the disclosure to be made in the most expedient time possible and without unreasonable delay consistent with the legitimate needs of law enforcement, as provided, and other security and investigative measures.
This bill would, instead, require a person or business, as defined, that owns or licenses computerized data that includes personal information to disclose a breach of the security of the system in the most expedient time possible and without unreasonable delay, but in no case more than 45 days, following discovery or notification of the breach, subject to the legitimate needs of law enforcement, as provided. The bill would make other conforming changes.
(2) Existing law, the Information Practices Act of 1977, requires a public agency, as defined, that owns or licenses computerized data that includes personal information to disclose a breach of the security of the system in the most expedient time possible and without unreasonable delay following discovery or notification of the breach, as specified. 
This bill would, instead, require an agency that owns or licenses computerized data that includes personal information to disclose a breach of the security of the system in the most expedient time possible and without unreasonable delay, but in no case longer than 45 days, following discovery or notification of the breach. The bill would additionally require an agency that was the source of a security breach to offer, in the notice of the breach, appropriate identity theft prevention and mitigation services at no cost to potential or actual victims of the breach, as specified.
The bill would also make nonsubstantive changes.
Statutes affected: 
AB1035: 1798.29 CIV, 1798.82 CIV
02/21/19 - Introduced: 1798.29 CIV, 1798.82 CIV
04/22/19 - Amended Assembly: 1798.29 CIV, 1798.82 CIV
05/07/19 - Amended Assembly: 1798.29 CIV, 1798.82 CIV
05/23/19 - Amended Senate: 1798.29 CIV, 1798.82 CIV