Existing law, the Information Practices Act of 1977, requires an agency that owns or licenses computerized data that includes personal information to disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of California whose unencrypted personal information was compromised, as specified. Existing law also requires a business that owns, licenses, or maintains personal information about a California resident to implement and maintain reasonable security procedures and practices. Existing law requires a person or business that conducts business in California, and that owns or licenses computerized data that includes personal information, to disclose a breach of the security of the system following discovery or notification of the breach.
This bill would specify that personal information for these purposes includes genetic data, and would define genetic data to mean any data, regardless of its format, that results from the analysis of a biological sample of an individual, or other source, and concerns genetic material, as specified. Because this bill would establish new requirements on local agencies, the bill would impose a state-mandated local program.
The California Constitution requires the state to reimburse local agencies and school districts for certain costs mandated by the state. Statutory provisions establish procedures for making that reimbursement.
This bill would provide that, if the Commission on State Mandates determines that the bill contains costs mandated by the state, reimbursement for those costs shall be made pursuant to the statutory provisions noted above.

Statutes affected:
AB825: 1798.81.5 CIV, 1798.82 CIV
02/16/21 - Introduced: 1798.81.5 CIV, 1798.82 CIV
03/26/21 - Amended Assembly: 1798.29 CIV, 1798.81.5 CIV, 1798.82 CIV
09/10/21 - Enrolled: 1798.29 CIV, 1798.81.5 CIV, 1798.82 CIV
10/05/21 - Chaptered: 1798.29 CIV, 1798.81.5 CIV, 1798.82 CIV
AB 825: 1798.81.5 CIV, 1798.82 CIV