General information

State Amends Data Breach Law
November 4, 2013

Senate Bill 46 adds two new categories of personal information that, if compromised in a security breach, triggers a duty to send a notification to affected persons. Those categories are information and login credentials to permit access to online accounts and email accounts.

On the other hand, in these limited circumstances in which other personal information is not compromised, such as social security numbers, the entity that owns or licenses the data may comply with an abbreviated breach notification requirement. See CBA’s Regulatory Compliance Bulletin for more information.