California's Security Breach Information Act (SB 1386) becomes official Tuesday and mandates for the first time that businesses must inform customers when electronic data is compromised by a hacker. SB 1386 requires companies that own or maintain the personal information of California residents to notify those residents if that data is unlawfully accessed.

Gray areas remain with SB 1386 -- for example, it's unclear whether the state can impose the law upon companies that operate outside the state but own personal data about California residents.

Some industry opposition has been voiced, which softened the law somewhat while it was being written. But "it issues a mandatory disclosure requirement that, to my knowledge, has not existed in another state or federal law," said Steve Pink, deputy chairman of the American Bar Association's Cybersecurity Task Force and an attorney with Gray Cary Ware & Freidenrich. Pink presented a tutorial last week on SB 1386 that was sponsored by vulnerability scanning outsourcer Qualys Inc.

The link for this article, located at SearchSecurity, is no longer available.