New California Law for Managing Data Breaches

An increased number of data breaches in recent years affecting millions of California businesses and industries has resulted in an update in California law relating to personal information security and protection. Effective January 1, 2015, Assembly Bill 1710 (AB1710) now requires: (1) that businesses “maintain” personal information about California residents implement and maintain reasonable security measures to protect residents’ personal information; (2) the prohibition of the sale, advertisement, or offer to sell an individual’s social security number; and (3) certain requirements related to identity theft prevention and mitigation services in the event that an organization offered such remediation services to affected residents connection with a data security breach.