I’ve Had A Data Breach – Now What?

Man hacking data on laptop

A business that maintains records that include a customer’s name along with any one of the following: signature, social security number, address, telephone number, physical description, passport number, driver’s license number, insurance policy number, education, employment, employment history, bank account number, credit card number, or any other financial, medical or health insurance information, must give a specific form of notice if the records are stolen or unauthorized access occurs.

If such a breach occurs, California Civil Code Section 1798.82 requires that the notice be in the following format.  First the notice must have a conspicuous title at the top of the document that reads “NOTICE OF DATA BREACH.”  The body of the notice must contain the following headings:

  1. What Happened?
  2. What Information Was Involved?
  3. What Are We Doing?
  4. What Can You Do?
  5. Other Information:
  6. For More Information:

Within these headings, the notice must provide

  • The name and contact information of the person or business providing the notice
  • A list of the types of personal information that are reasonably believed to have been the subject of the breach
  • The date or dates (estimated if necessary) of the breach(es)
  • A general description of the breach incident
  • Whether the notice was delayed because of a law enforcement investigation
  • The toll free numbers and addresses of the major credit reporting agencies if the breach included social security or driver’s license information
  • If the person or business providing the notification was the source of the breach, an offer to provide identity theft protection and mitigation services, if any, shall be provided for a period of not less than 12 months if the data breach included both social security numbers and driver’s license numbers

The notice may be in written form, in electronic form, or posted on the company’s website for a period of not less than 30 days provided that a link appears on the home page of the website that is in larger type than the surrounding text or is set off from the surrounding text by symbols or marks that call attention to the link.

CRES E&O policies come standard with Data Breach notification coverage.

Get extra coverage for cyber damages today with our Cyber Liability Coverage.

About the Author

Mark Carlson

Mark Carlson

Carlson Law Group

Mr. Carlson formed Carlson Law Group, Inc. in January 2005. He currently represents scores of real estate professionals in a wide range of matters. Mr. Carlson also represents individuals in the purchase, sale and lease of residential, commercial and industrial properties. Additionally, he has assisted several clients in building permit, zoning and other land use matters. Mr. Carlson’s practice focuses mainly on litigated matters, and he has handled over a dozen jury trials to verdict as well as several court trials. His trial experience includes two trials that each lasted over five weeks. Throughout his career, Mr. Carlson has strived to provide superior legal services while at the same time containing costs for his clients.

This blog/website is made available by CRES Insurance Services for educational purposes to give you general information and understanding of legal risks and insurance options, not to provide specific legal advice. This blog/website should not be used as a substitute for competent legal advice from a licensed professional attorney in your state. Claims examples are for illustrative purposes only. Read your policy for a complete description of what is covered and excluded.

Originally Published September 1, 2016

Category: , , ,

Real estate brokers: do you really know what your agents are doing? Claims are on the rise due to agents’ “hidden”… https://t.co/VfBklIV9yI Give your sellers a CRES Qualified Home Warranty from First American. This includes 14 SEER compatibility, no cap o… https://t.co/X4pX5u66tZ