California Data Breach Statute Analysis

◈ California Civil Code 1798:29 and 1798:80
◈ Reporting Portal | Breach Database
⭐ #1 in our Breach Statute Ranking

Analysis Links

Format, analysis

Comprehensive

Sections + PHI

Infosec + PHI

Dashboard, unique

Concise, effective

California Breach Notification Info

Notice Policy Rating

16 (of 29)

Deadline for Notice?

Timeframe

w/o delay

3rd Party Deadline

Immediate

AG Notify Thresh

500

CRA Notify Thresh

–

Exceptions:

HIPAA-Covered Entities, Own Notification Policy

California Data Breach Harm Thresholds

View Harm Threshold Analysis

Harm Thresh Rating

14 (of 22)

Data Trigger

Aquisition

Harm Trigger

–

Risk Trigger

–

Harm Analysis Req?

Encrypt Safe Harbor?

Yes

Statute refers to:	computerized data that contains PI
Partial breach def:	unauthorized acquisition

California Breach Fines & Enforcement

Enforce Score

20 (of 25)

Fine Amount

$750

Fine Per

Person/Incident

Max Fine

–

Criminal Penalties?

Private Right of Action?

Yes

Enforce Notes:

Violations may result in civil penalties.

California Breaches: Personal Data Covered

View PII Coverage Comparison

PII Coverage Score

11 (of 24)

SSN / DL / IDs

Yes

Passport

Yes

CC# / Fin$

Yes

PHI / Health Ins #

Both

Online Accounts

–

Tax IDs

Yes

Biometrics

Yes

Exempt Public Data?

Yes

Exempt Gov Records?

Yes

Exempt Wide Distrib?

–

Other Data Covered:	ALPR
Combos that trigger:	First+Last+[Item from List], [User/Email]+[Authentication]
Includes Paper Recs?:	No

Other Data Sets from PrivacyPlan

Privacy Podcast DB

Visit the Privacy Podcast Database. Over 100 privacy-related podcasts!

Data Broker DB

Preiew our huge database of Data Brokers. 1361 organizations and counting.

California2

Analysis Links

California Breach Notification Info

California Data Breach Harm Thresholds

California Breach Fines & Enforcement

California Breaches: Personal Data Covered

Other Data Sets from PrivacyPlan

Privacy Podcast DB

Data Broker DB