On July 1, 2003, Senate Bill 1386 becomes Civil Code 1798.82. In a nutshell, the law states that any person or company doing business in the state of California is responsible for notifying California residents of security breaches affecting their non-encrypted information. It is important to note that the actual breach does not need to occur in the state of California for the law to apply. A company doing business in the state is liable to notify its California customers, where "doing business" is defined as having a registered agent in the state of California, having a physical office, contracting to do business with vendors in the state (parts manufacturers, suppliers), or having retail outlets in the state. However, if you are strictly a mail order business, with no ties to California except your online customers, this law may not apply to you at all.

Most corporations are going to take the path of least exposure, i.e., letters mailed to affected customers. Interestingly, there is no language in this law governing what the notification has to say, or whether it has to be easily understood by the customer. Even more compelling, this law applies worldwide, to any company doing business in the state, regardless of what it sells and whether or not it knows that such a law exists.

The link for this article located at HelpNetSecurity is no longer available.