A business that maintains records that include a customer’s name along with any one of the following: signature, social security number, address, telephone number, physical description, passport number, driver’s license number, insurance policy number, education, employment, employment history, bank account number, credit card number, or any other financial, medical or health insurance information, must give a specific form of notice if the records are stolen or unauthorized access occurs.
If such a breach occurs, California Civil Code Section 1798.82 requires that the notice be in the following format. First the notice must have a conspicuous title at the top of the document that reads “NOTICE OF DATA BREACH.” The body of the notice must contain the following headings:
- What Happened?
- What Information Was Involved?
- What Are We Doing?
- What Can You Do?
- Other Information:
- For More Information:
Within these headings, the notice must provide
- The name and contact information of the person or business providing the notice
- A list of the types of personal information that are reasonably believed to have been the subject of the breach
- The date or dates (estimated if necessary) of the breach(es)
- A general description of the breach incident
- Whether the notice was delayed because of a law enforcement investigation
- The toll free numbers and addresses of the major credit reporting agencies if the breach included social security or driver’s license information
- If the person or business providing the notification was the source of the breach, an offer to provide identity theft protection and mitigation services, if any, shall be provided for a period of not less than 12 months if the data breach included both social security numbers and driver’s license numbers
The notice may be in written form, in electronic form, or posted on the company’s website for a period of not less than 30 days provided that a link appears on the home page of the website that is in larger type than the surrounding text or is set off from the surrounding text by symbols or marks that call attention to the link.
CRES E&O policies come standard with Data Breach notification coverage.
Get extra coverage for cyber damages today with our Cyber Liability Coverage.
About the Author
Mark Carlson
Mr. Carlson formed Carlson Law Group, Inc. in January 2005. He currently represents scores of real estate professionals in a wide range of matters. Mr. Carlson also represents individuals in the purchase, sale and lease of residential, commercial and industrial properties. Additionally, he has assisted several clients in building permit, zoning and other land use matters. Mr. Carlson’s practice focuses mainly on litigated matters, and he has handled over a dozen jury trials to verdict as well as several court trials. His trial experience includes two trials that each lasted over five weeks. Throughout his career, Mr. Carlson has strived to provide superior legal services while at the same time containing costs for his clients.
