The California Department of Technology's Office of Information Security says it has updated the State Information Management Manual (SIMM) to reflect new notification requirements for breaches of personal information.
The March 8 directive (.pdf) says agencies and departments must update their internal processes and procedures to comply with the new requirements enacted in legislation signed by the governor in 2015.
The three bills, which took effect on Jan. 1, 2016, are:
AB 964, which added a definition for the word “encrypted"
SB 34, which added Automated License Plate Recognition (ALPR) information as a “notice triggering" data element
SB 570, which specified format and content requirements for breach notifications.
