Five of California's statutes require careful review.
Identifying the laws with the greatest compliance impact is difficult. From my perspective, though, there are at least five statutes in California, apart from the Security Breach Notice Law, that require watching and careful review:
The Online Privacy Protection Act of 2003
Social Security Number Confidentiality
This law restricts a commercial entity (or governmental agency) from publicly displaying a Social Security number, using it on an identification card or similar access card, or requesting it online without the requisite secure link. This law phases in from 2002 to 2007.
Destruction of Customer Records
This law governs the methods under which documents and records that contain any personal information of a consumer must be destroyed. They must be shredded, erased, or otherwise modified in such a way that they are no longer recoverable.
Note that this law may be superseded by the Federal Fair Credit Reporting Act amendments. The Federal Trade Commission has requested comments on its proposed rule on the disposal requirements. The comment period ended June 15. Essentially, "Section 216 of the FACT Act requires the Commission, Federal banking agencies, National Credit Union Administration, and Securities and Exchange Commission (the 'Agencies'), to issue regulations requiring 'any person that maintains or otherwise possesses consumer information, or any compilation of consumer information, derived from consumer reports for a business purpose to properly dispose of any such information or compilation.' The purpose of this section is to prevent unauthorized disclosure of consumer information and to reduce the risk of fraud or related crimes, including identity theft, by ensuring that records containing sensitive financial or personal information are appropriately redacted or destroyed before being discarded. The Agencies are required to consult and coordinate with each other so that, to the extent possible, regulations implementing this section are consistent and comparable. In addition, the Agencies' regulations must be consistent with the Gramm-Leach-Bliley Act and other provisions of federal law.
"The Commission has conferred with the Agencies and now offers for public comment this proposed rule regarding the disposal of consumer report information and records ('Disposal Rule' or 'Rule')." (From the FTC request for comments, Proposed Rules, Federal Register April 20.)
Check with your counsel on whether the California law still applies to your data destruction and keep an eye on the rulemaking by the FTC to see the federal standards.
California's Fair Debt Collection Act
Among other things, this law forbids a creditor from trying to collect a debt from a victim of identity theft. There are various procedures required on the victim's part as well as on the creditor's part before this becomes a ban on collection of the debt.
Employment Of Offenders--Penal Code
This law prohibits prison inmates from being employed in a situation in which personal information is made available. In many cases, prisoners across the United States are being used for data input. In at least one case I'm aware of, a woman was cyberstalked by a prisoner who got her information while working from prison. This law was designed to prevent that kind of abuse.