California AB 1950 and SB 1386 are two privacy bills, now laws in the State of California, that require organizations to notify Californians if their personal information is disclosed during a security breach.
SB 1386 was passed in 2002 to become effective on July 1, 2003. This law is directed at state agencies and businesses operating in California. Personal information is defined as an individual’s first name or first initial and last name with any of the following;
• Social Security number,
• Driver’s license number or California Identification Card number, or
• Account number, credit or debit card number, in combination with something like a PIN or password which would allow access to the account.
AB 1950 was passed in 2004, and became effective January 1, 2005. It added medical information to the information to be protected and extended the responsibility to organizations outside of the State, if they collect information about California residents. It does not apply to organizations that are subject to other privacy laws.