Five of California's statutes require careful review.
Identifying the laws with the greatest compliance impact is difficult. From my perspective, though, there are at least five statutes in California, apart from the Security Breach Notice Law, that require watching and careful review:
The Online Privacy Protection Act of 2003
Social Security Number Confidentiality
This law restricts a commercial entity (or governmental agency) from publicly displaying a Social Security number, using it on an identification card or similar access card, or requesting it online without the requisite secure link. This law phases in from 2002 to 2007.
Destruction of Customer Records
This law governs the methods under which documents and records that contain any personal information of a consumer must be destroyed. They must be shredded, erased, or otherwise modified in such a way that they are no longer recoverable.
Note that this law may be superseded by the Federal Fair Credit Reporting Act amendments. The Federal Trade Commission has requested comments to its proposed rule on the disposal requirements. The comment period ended June 15. Essentially, "Section 216 of the FACT Act requires the Commission, Federal banking agencies, National Credit Union Administration, and Securities and Exchange Commission (the 'Agencies'), to issue regulations requiring 'any person that maintains or otherwise possesses consumer information, or any compilation of consumer information, derived from consumer reports for a business purpose to properly dispose of any such information or compilation.' The purpose of this section is to prevent unauthorized disclosure of consumer information and to reduce the risk of fraud or related crimes, including identity theft, by ensuring that records containing sensitive financial or personal information are appropriately redacted or destroyed before being discarded. The Agencies are required to consult and coordinate with each other so that, to the extent possible, regulations implementing this section are consistent and comparable. In addition, the Agencies' regulations must be consistent with the Gramm-Leach-Bliley Act and other provisions of federal law.
"The Commission has conferred with the Agencies and now offers for public comment this proposed rule regarding the disposal of consumer report information and records ('Disposal Rule' or 'Rule')." (From the FTC request for comments, Proposed Rules, Federal Register April 20.)
Check with your counsel on whether the California law still applies to your data destruction and keep an eye on the rulemaking by the FTC to see the federal standards.
California's Fair Debt Collection Act
Among other things, this law forbids a creditor from trying to collect a debt from a victim of identity theft. There are various procedures required on the victim's part as well as on the creditor's part before this becomes a ban on collection of the debt.
Employment Of Offenders--Penal Code
This law prohibits prison inmates from being employed in a situation in which personal information is made available. In many cases, prisoners across the United States are being used for data input. In at least one case I'm aware of, a woman was cyberstalked by a prisoner who got her information while working from prison. This law was designed to prevent that kind of abuse.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.