Materials distributed during our Education Law Technology Symposium in September 2015 included pending federal and state bills, the passage of which would affect colleges and universities, community colleges, and K-12 school districts in California. Governor Brown signed into law two bills mentioned in those materials, Senate Bill 570 and Assembly Bill 964, which relate to obligations of agencies in the event of a data breach.
Existing law requires a person or entity conducting business in California or any state or local agency that owns or licenses computerized data that includes personal information to disclose a breach of the security of the system following discovery or notification of the security breach to any California resident whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The disclosure must be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement or any measures necessary to determine the scope of the breach and to restore the reasonable integrity of the data system. (California Civil Code sections 1798.29 and 1798.82.)
Together, Senate Bill 570 and Assembly Bill 964 amend Civil Code sections 1798.29 and 1798.82 to require a security breach notice to be written in plain language and titled “Notice of Data Breach.” Information required in the notice must be organized under specified headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be added. The notice format must be designed to call attention to the nature and significance of the information it contains, the title and headings must be clearly and conspicuously displayed, and the text of the notice must be no smaller than 10-point type. A model written notice, as provided in the statute, may be used for compliance or the agency may use its own form incorporating the required title, headings, and notice information written in plain language. Use of the title, headings and required information written in plain language is required for electronic notice.
The notice must be conspicuously posted on the agency’s website for a minimum of 30 days. Conspicuous posting means providing a link to the notice on the home page or first significant page that is in larger type than surrounding text, or contrasting text, or set off by symbols or other marks calling attention to the link.
The bills also added “information or data collected through the use or operation of an automated license plate recognition system per Section 1798.90.5” to the definition of personal information covered by this section. They also amended Civil Code sections 1798.29 and 1798.82 to define “encrypted” to mean rendered unusable, unreadable, or indecipherable to an unauthorized person through a security technology or methodology generally accepted in the field of information security.
Because public educational institutions are “local agencies” that maintain computerized data that includes personal information, these requirements apply to California schools, colleges and universities as of January 1, 2016. Having a data breach notification form that complies with these provisions is an important component of an overall data breach action plan. Our firm is available to provide assistance in developing data breach plans to fit the needs of individual institutions.
- Partner
Sharon Ormond chairs AALRR’s Associate Mentoring and Training Committee and is a member of the firm’s Higher Education, Title IX, Civil Rights, and Wage and Hour teams. She represents numerous community college districts and ...
- Partner
Alexandria Davidson represents California public school districts as general counsel. She has experience with employment-related matters, including certificated and classified employee discipline, reductions of force ...
Other AALRR Blogs
Recent Posts
- Are You Ready for AB 2534? Our AB 2534 Toolkit Is Here to Help
- Don't Start from Scratch: Our AI Policy Toolkit Has Your District Covered
- Slurs and Epithets in the College Classroom: Are they protected speech?
- AALRR’s 2024 Title IX Virtual Academy
- Unmasking Deepfakes: Legal Insights for School Districts
- How to Address Employees’ Use of Social Media
- How far is too far? Searching Students’ Homes and Remote Test Proctoring
- Making Cybersecurity a Priority
- U.S. Department of Education Issues Proposed Amendments to Title IX Regulations
- Inadvertent Disability Discrimination May Lurk in Hiring Software, Artificial Intelligence and Algorithms
Popular Categories
- (55)
- (12)
- (81)
- (96)
- (43)
- (53)
- (22)
- (40)
- (11)
- (22)
- (6)
- (4)
- (3)
- (2)
- (3)
- (2)
- (4)
- (1)
- (1)
- (1)
- (1)
- (1)
- (1)
- (1)
Contributors
- Steven J. Andelson
- Ernest L. Bell
- Matthew T. Besmer
- William M. Betley
- Mark R. Bresee
- W. Bryce Chastain
- J. Kayleigh Chevrier
- Andreas C. Chialtas
- Georgelle C. Cuevas
- Scott D. Danforth
- Alexandria M. Davidson
- Michael J. Davis
- Mary Beth de Goede
- Anthony P. De Marco
- Peter E. Denno
- William A. Diedrich
- A. Christopher Duran
- Amy W. Estrada
- Jennifer R. Fain
- Eve P. Fichtner
- Paul S. Fleck
- Mellissa E. Gallegos
- Stephanie L. Garrett
- Karen E. Gilyard
- Todd A. Goluba
- Jacqueline D. Hang
- Davina F. Harden
- Suparna Jain
- Jonathan Judge
- Warren S. Kinsler
- Nate J. Kowalski
- Tien P. Le
- Alex A. Lozada
- Kimberly C. Ludwin
- Bryan G. Martin
- Paul Z. McGlocklin
- Stephen M. McLoughlin
- Anna J. Miller
- Jacquelyn Takeda Morenz
- Kristin M. Myers
- Katrina J. Nepacena
- Adam J. Newman
- Anthony P. Niccoli
- Aaron V. O'Donnell
- Sharon J. Ormond
- Gabrielle E. Ortiz
- Beverly A. Ozowara
- Chesley D. Quaide
- Rebeca Quintana
- Elizabeth J. Rho-Ng
- Todd M. Robbins
- Irma Rodríguez Moisa
- Brooke Romero
- Alyssa Ruiz de Esparza
- Lauren Ruvalcaba
- Scott J. Sachs
- Gabriel A. Sandoval
- Peter A. Schaffert
- Constance J. Schwindt
- Justin R. Shinnefield
- Amber M. Solano
- David A. Soldani
- Dustin Stroeve
- Constance M. Taylor
- Mark W. Thompson
- Emaleigh Valdez
- Jonathan S. Vick
- Jabari A. Willis
- Sara C. Young
- Elizabeth Zamora-Mejia
Archives
2024
2022
2021
2020
2019
2018
- December 2018
- September 2018
- August 2018
- July 2018
- June 2018
- May 2018
- April 2018
- March 2018
- January 2018
2017
- November 2017
- October 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
2016
- November 2016
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
2015
- December 2015
- November 2015
- October 2015
- September 2015
- August 2015
- July 2015
- June 2015
- May 2015
- April 2015
- March 2015
- February 2015
- January 2015
2014
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- February 2014
- January 2014
2013
- December 2013
- November 2013
- October 2013
- September 2013
- August 2013
- July 2013
- June 2013
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
2012
- December 2012
- November 2012
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012