An amendment to the California data breach notification statute requires companies that experience a data breach to include information in the notification that if identity theft prevention and mitigation services are provided, they must be provided for at least 12 months to affected persons at no cost if the breach exposed or may have exposed certain personal information. This is the first time any state has imposed such mandates. The new law, AB 1710, signed by Governor Jerry Brown on September 30, 2014, also expands the application of safeguard requirements for personal information and further prohibits certain uses and disclosures of Social Security numbers. The new law becomes effective January 1, 2015.
Home > State Law Articles > California > General (CA) > California Becomes First State to Require Credit Monitoring Services Information Following a Data Breach