States-CA

California Breach Notification Info

Notice Policy Rating

16 (of 29)

Deadline for Notice?

No

Timeframe

w/o delay

3rd Party Deadline

Immediate

AG Notify Thresh

500

CRA Notify Thresh

Exceptions: HIPAA-Covered Entities, Own Notification Policy

California Data Breach Harm Thresholds

Harm Thresh Rating

14 (of 22)

Data Trigger

Aquisition

Harm Trigger

Risk Trigger

Harm Analysis Req?

No

Encrypt Safe Harbor?

Yes
Statute refers to: computerized data that contains PI
Partial breach def: unauthorized acquisition

California Breach Fines & Enforcement

Enforce Score

20 (of 25)

Fine Amount

$750

Fine Per

Person/Incident

Max Fine

Criminal Penalties?

No

Private Right of Action?

Yes
Enforce Notes: Violations may result in civil penalties.

California Breaches: Personal Data Covered

PII Coverage Score

11 (of 24)

SSN / DL / IDs

Yes

Passport

Yes

CC# / Fin$

Yes

PHI / Health Ins #

Both

Online Accounts

Tax IDs

Yes

Biometrics

Yes

Exempt Public Data?

Yes

Exempt Gov Records?

Yes

Exempt Wide Distrib?

Other Data Covered: ALPR
Combos that trigger: First+Last+[Item from List], [User/Email]+[Authentication]
Includes Paper Recs?: No