词条 | California S.B. 1386 |
释义 |
}}{{cleanup reorganize|date=December 2015}}California S.B. 1386 was a bill passed by the California legislature that amended civil codes 1798.29, 1798.82 and 1798.84, the California law regulating the privacy of personal information. The first of many U.S. and international security breach notification laws, it was introduced by California State Senator Peace on February 12, 2002, and became operative July 1, 2003.[1] AbstractEnactment of a requirement for notification to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. Essentially, it requires an agency, person or business that conducts business in California and owns or licenses computerized 'personal information' to disclose any breach of security (to any resident whose unencrypted data is believed to have been disclosed). The bill mandates various mechanisms and procedures with respect to many aspects of this scenario, subject also to other defined provisions. The statute requires notification if you meet the following:
An out-of-state corporation that has personal information relating to a California resident would fall under this statute. A question on minimum contacts would then ensue as to whether an action may be brought in California to enforce the California resident's rights under the statute. Corporations with no physical locations in California are not subject to California law. SB 1386 no more impacts a Delaware corporation with no presence in California than do California laws regarding vehicle emissions. That SB 1386 would affect an out-of-state corporation is based on the notion of 'quasi in rem' jurisdiction, a notion that the Supreme Court invalidated in Shaffer v. Heitner. Corporations can determine whether they are subject to this statute by reviewing the following questions:
A corporation that answers yes to all five of these questions must report. The statute does not apply to "encrypted" information. Thus one way to avoid reporting is to encrypt all "personal information." A corporation can also avoid reporting if its data does not contain "personal information" relating to a California resident. "Personal information" means an individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted:
"Personal information" does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. References1. ^{{cite web|title=Bill Text - SB-1386 Personal information: privacy.|url=https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=200120020SB1386|website=leginfo.legislature.ca.gov}} External links
3 : Computing legislation|Information privacy|California statutes |
随便看 |
|
开放百科全书收录14589846条英语、德语、日语等多语种百科知识,基本涵盖了大多数领域的百科知识,是一部内容自由、开放的电子版国际百科全书。