The Golden State is taking action following large-scale data breaches at some of the country's most prominent health systems, including UCLA Health.
A data breach notification law recently signed by California Gov. Jerry Brown included data encryption standards, as well as standards for defining personal information, according to an article at HealthITSecurity.com.
The bill signing comes just a few months after it was revealed that a hack of UCLA Health's computer network may have compromised personal and medical information for as many as 4.5 million individuals.
The law includes three bills:
- Assembly Bill 964, which defines properly encrypted data as "rendered unusable, unreadable or indecipherable to an unauthorized person through a security technology or methodology generally accepted in the field of information security."
- Assembly Bill 570, which says notifications must be titled "Notice of Data Breach," and must include subheadings covering what happened, what information was compromised and what the patients and organization can do in the wake of the breach.
- Assembly Bill 34, which says personal information now includes data captured by automated license plate recognition systems.
Seventy percent of breaches involving the California healthcare industry were due to unencrypted data on lost or stolen hardware or portable media in 2014, a problem that strong encryption would fix, according to a breach report from the state's attorney general.