Effective January 1, 2015, A.B. 1710 amends California’s breach notification, security procedures, and Social Security number (SSN) laws, generally outlined as follows:
- provides that existing personal information data security obligations apply to businesses that maintain personal information, in addition to those who own or license the information;
- provides that if the person or business issuing the notification was the source of the breach, an offer to provide appropriate identity theft prevention and mitigation services, if any, be made at no cost to the affected person for not less than 12 months, along with all information necessary to take advantage of the offer to any person whose information was or may have been breached, if the breach exposed or may have exposed SSN and driver’s license numbers;
- provides that a person or entity may not sell, advertise for sale, or offer to sell an individual’s SSN, except as permitted.