In short, the California Security Breach Information Act (SB-1386) is a California state law requiring organizations that maintain personal information about individuals to inform those individuals if the security of their information has been breached or compromised. thus, the Act stipulates that if there’s a security breach of a database containing personal data, the responsible entity must notify each and every individual for whom it maintained the information for. The Act, which went into effect July 1, 2003, was created to help stem the alarming growth of identity theft, which has many consumers on the edge and frightened concerning the protection of their personal data.
Here’s what’s important to grasp for a regulatory compliance aspect. The California SB-1386 is a trend that is sweeping the nation and will only continue to grow as concerns for the security of confidential information become more paramount. Gov. Tim Pawlenty signed the MN Plastic Card Security Act, essentially codifying parts of the Payment Card Industry Data Security Standards (PCI DSSS) into law.
Auditors need to be aware of these rules and regulations and their overall impact they can have on an audit, be a SAS 70 audit, HIPAA or GLBA audit or even a PCI DSS Assessment.