This article has multiple issues. Please help improve it or discuss these issues on the talk page . (Learn how and when to remove these template messages)
|
California S.B. 1386 was a bill passed by the California legislature that amended the California law regulating the privacy of personal information: civil codes 1798.29, 1798.82 and 1798.84. This was an early example of many future U.S. and international security breach notification laws, it was introduced by California State Senator Steve Peace on February 12, 2002, and became operative July 1, 2003. [1]
Enactment of a requirement for notification to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. This requires an agency, person or business that conducts business in California and owns or licenses computerized 'personal information,' to disclose any breach of security (to any resident whose unencrypted data is believed to have been disclosed). [2]
The bill mandates various mechanisms and procedures with respect to many aspects of this scenario, subject also to other defined provisions.
Any agency that owns or licenses computerized data that includes personal information shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. An out-of-state corporation that has personal information relating to a California resident would fall under this statute. A question on minimum contacts would then ensue as to whether an action may be brought in California to enforce the California resident's rights under the statute.
Corporations with no physical locations in California are not subject to California law. That SB 1386 would affect an out-of-state corporation is based on the notion of 'quasi in rem' jurisdiction, a notion that the Supreme Court invalidated in Shaffer v. Heitner .
Corporations can determine whether they are subject to this statute by reviewing the following questions:
A corporation that answers yes to all five of these questions must report.
The statute does not apply to "encrypted" information. Thus one way to avoid reporting is to encrypt all "personal information." A corporation can also avoid reporting if its data does not contain "personal information" relating to a California resident.
"Personal information" means an individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted:
"Personal information" does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records.
Identity theft, identity piracy or identity infringement occurs when someone uses another's personal identifying information, like their name, identifying number, or credit card number, without their permission, to commit fraud or other crimes. The term identity theft was coined in 1964. Since that time, the definition of identity theft has been legally defined throughout both the U.K. and the U.S. as the theft of personally identifiable information. Identity theft deliberately uses someone else's identity as a method to gain financial advantages or obtain credit and other benefits. The person whose identity has been stolen may suffer adverse consequences, especially if they are falsely held responsible for the perpetrator's actions. Personally identifiable information generally includes a person's name, date of birth, social security number, driver's license number, bank account or credit card numbers, PINs, electronic signatures, fingerprints, passwords, or any other information that can be used to access a person's financial resources.
Medical privacy, or health privacy, is the practice of maintaining the security and confidentiality of patient records. It involves both the conversational discretion of health care providers and the security of medical records. The terms can also refer to the physical privacy of patients from other patients and providers while in a medical facility, and to modesty in medical settings. Modern concerns include the degree of disclosure to insurance companies, employers, and other third parties. The advent of electronic medical records (EMR) and patient care management systems (PCMS) have raised new concerns about privacy, balanced with efforts to reduce duplication of services and medical errors.
The Health Insurance Portability and Accountability Act of 1996 is a United States Act of Congress enacted by the 104th United States Congress and signed into law by President Bill Clinton on August 21, 1996. It modernized the flow of healthcare information, stipulates how personally identifiable information maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft, and addressed some limitations on healthcare insurance coverage. It generally prohibits healthcare providers and healthcare businesses, called covered entities, from disclosing protected information to anyone other than a patient and the patient's authorized representatives without their consent. With limited exceptions, it does not restrict patients from receiving information about themselves. It does not prohibit patients from voluntarily sharing their health information however they choose, nor does it require confidentiality where a patient discloses medical information to family members, friends, or other individuals not a part of a covered entity.
VTech is a Hong Kong-based global supplier of electronic learning products from infancy to preschool and the world's largest manufacturer of cordless phones.
Privacy laws of the United States deal with several different legal concepts. One is the invasion of privacy, a tort based in common law allowing an aggrieved party to bring a lawsuit against an individual who unlawfully intrudes into their private affairs, discloses their private information, publicizes them in a false light, or appropriates their name for personal gain.
Personal data, also known as personal information or personally identifiable information (PII), is any information related to an identifiable person.
Information privacy, data privacy or data protection laws provide a legal framework on how to obtain, use and store data of natural persons. The various laws around the world describe the rights of natural persons to control who is using its data. This includes usually the right to get details on which data is stored, for what purpose and to request the deletion in case the purpose is not given anymore.
A cybersecurity regulation comprises directives that safeguard information technology and computer systems with the purpose of forcing companies and organizations to protect their systems and information from cyberattacks like viruses, worms, Trojan horses, phishing, denial of service (DOS) attacks, unauthorized access and control system attacks. There are numerous measures available to prevent cyberattacks.
Privacy law is the body of law that deals with the regulating, storing, and using of personally identifiable information, personal healthcare information, and financial information of individuals, which can be collected by governments, public or private organisations, or other individuals. It also applies in the commercial sector to things like trade secrets and the liability that directors, officers, and employees have when handing sensitive information.
Information sensitivity is the control of access to information or knowledge that might result in loss of an advantage or level of security if disclosed to others.
Security breach notification laws or data breach notification laws are laws that require individuals or entities affected by a data breach, unauthorized access to data, to notify their customers and other parties about the breach, as well as take specific steps to remedy the situation based on state legislature. Data breach notification laws have two main goals. The first goal is to allow individuals a chance to mitigate risks against data breaches. The second goal is to promote company incentive to strengthen data security.Together, these goals work to minimize consumer harm from data breaches, including impersonation, fraud, and identity theft.
A data breach is a security violation, in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen, altered or used by an individual unauthorized to do so. Other terms are unintentional information disclosure, data leak, information leakage and data spill. Incidents range from concerted attacks by individuals who hack for personal gain or malice, organized crime, political activists or national governments, to poorly configured system security or careless disposal of used computer equipment or data storage media. Leaked information can range from matters compromising national security, to information on actions which a government or official considers embarrassing and wants to conceal. A deliberate data breach by a person privy to the information, typically for political purposes, is more often described as a "leak".
Canadian privacy law is derived from the common law, statutes of the Parliament of Canada and the various provincial legislatures, and the Canadian Charter of Rights and Freedoms. Perhaps ironically, Canada's legal conceptualization of privacy, along with most modern legal Western conceptions of privacy, can be traced back to Warren and Brandeis’s "The Right to Privacy" published in the Harvard Law Review in 1890, Holvast states "Almost all authors on privacy start the discussion with the famous article 'The Right to Privacy' of Samuel Warren and Louis Brandeis".
The Personal Data Privacy and Security Act of 2009, was a bill proposed in the United States Congress to increase protection of personally identifiable information by private companies and government agencies, set guidelines and restrictions on personal data sharing by data brokers, and to enhance criminal penalty for identity theft and other violations of data privacy and security. The bill was sponsored in the United States Senate by Patrick Leahy (Democrat-Vermont), where it is known as S.1490.
California's "Shine the Light" law is a privacy law passed by the California State Legislature in 2003. It became an active part of the California Civil Code on January 1, 2005. It is considered one of the first attempts by a state legislature in the United States to address the practice of sharing customers' personal information for marketing purposes, also known as "list brokerage." The law outlines procedures requiring companies to disclose upon the request of a California resident what personal information has been shared with third parties, as well as the parties with which the information has been shared. The law also outlines specific language that companies who do business with California residents must include in their online privacy policies.
Edwin “Ed” Chau is an American jurist and politician who served in the California State Assembly as a Democrat representing the 49th state assembly District from 2012 to 2021. On November 29, 2021, California Governor Gavin Newsom appointed Chau to be a judge in the Los Angeles County Superior Court.
Joffe v. Google, Inc. is a federal lawsuit between Ben Joffe and Google, Inc. Joffe claimed that Google broke one of the Wiretap Act segments when they intruded on the seemingly "public" wireless networks of private homes through their Street View application. Although Google tried to appeal their case multiple times, the courts favored Joffe's argument. Ultimately the Supreme Court declined to take the case, affirming the decision by the United States Court of Appeals for the Ninth Circuit that the Wiretap Act covers the interception of unencrypted Wi-Fi communications.
The Internet service company Yahoo! was subjected to the largest data breach on record. Two major data breaches of user account data to hackers were revealed during the second half of 2016. The first announced breach, reported in September 2016, had occurred sometime in late 2014, and affected over 500 million Yahoo! user accounts. A separate data breach, occurring earlier around August 2013, was reported in December 2016. Initially believed to have affected over 1 billion user accounts, Yahoo! later affirmed in October 2017 that all 3 billion of its user accounts were impacted. Both breaches are considered the largest discovered in the history of the Internet. Specific details of material taken include names, email addresses, telephone numbers, encrypted or unencrypted security questions and answers, dates of birth, and hashed passwords. Further, Yahoo! reported that the late 2014 breach likely used manufactured web cookies to falsify login credentials, allowing hackers to gain access to any account without a password.
The California Consumer Privacy Act (CCPA) is a state statute intended to enhance privacy rights and consumer protection for residents of the state of California in the United States. The bill was passed by the California State Legislature and signed into law by the Governor of California, Jerry Brown, on June 28, 2018, to amend Part 4 of Division 3 of the California Civil Code. Officially called AB-375, the act was introduced by Ed Chau, member of the California State Assembly, and State Senator Robert Hertzberg.
The Personal Information Protection Law of the People's Republic of China referred to as the Personal Information Protection Law or ("PIPL") protecting personal information rights and interests, standardize personal information handling activities, and promote the rational use of personal information. It also addresses the transfer of personal data outside of China.