Bill Text: CA AB1035 | 2019-2020 | Regular Session | Amended
Bill Title: COVID-19 emergency: small businesses: immunity from civil liability.
Spectrum: Bipartisan Bill
Status: (Engrossed - Dead) 2020-06-25 - From committee chair, with author's amendments: Amend, and re-refer to committee. Read second time, amended, and re-referred to Com. on JUD. [AB1035 Detail]
Download: California-2019-AB1035-Amended.html
Amended
IN
Senate
June 25, 2020 |
Amended
IN
Senate
May 23, 2019 |
Amended
IN
Assembly
May 07, 2019 |
Amended
IN
Assembly
April 22, 2019 |
Introduced by Assembly |
February 21, 2019 |
LEGISLATIVE COUNSEL'S DIGEST
(1)Existing law defines and regulates the use of personal information by businesses. Existing law requires a person or business, as defined, that owns or licenses computerized data that includes personal information to disclose, as specified, any breach of the security of the system following discovery or notification of the breach. Existing law requires the disclosure to be made in the most expedient time possible and without unreasonable delay consistent with the legitimate needs of law enforcement, as provided, and other security and investigative measures.
This bill would, instead, require a person or business, as defined, that owns or licenses computerized data that includes personal information to disclose a breach of the security of the system in the most expedient time possible and without unreasonable delay, but
in no case more than 45 days, following discovery or notification of the breach, subject to the legitimate needs of law enforcement, as provided. The bill would make other conforming changes.
(2)Existing law, the Information Practices Act of 1977, requires a public agency, as defined, that owns or licenses computerized data that includes personal information to disclose a breach of the security of the system in the most expedient time possible and without unreasonable delay following discovery or notification of the breach, as specified.
This bill would, instead, require an agency that owns or licenses computerized data that includes personal information to disclose a breach of the security of the system in the most expedient time possible and without unreasonable delay, but in no case longer than 45 days, following discovery or notification of the breach.
The bill would additionally require an agency that was the source of a security breach to offer, in the notice of the breach, appropriate identity theft prevention and mitigation services at no cost to potential or actual victims of the breach, as specified.
The bill would also make nonsubstantive changes.