Corporate > AG Deal Diary > California Enacts New Data Protection, Notification and Remedy Law
02 Oct '14

On Tuesday, California Governor Jerry Brown signed into law a new data protection bill, which comes amid revelations of additional high-profile data breaches at Supervalu and Albertson’s grocery stores. 

Assembly Bill 1710 now requires businesses in California to provide one year of credit monitoring and identity theft protection services free of charge to customers who are affected by a data breach in which their Social Security numbers, driver's license number or California identification card numbers are breached.  The bill also extends current data security obligations for businesses to companies who own or license customer information according to the bill’s co-author, Assemblyman Roger Dickinson.

Many states currently have data breach laws requiring notification to consumers in the event of a breach, but AB 1710 is the first to require the provision of credit monitoring and identity theft services.  California is well-known as a bell weather for major policy changes in state legislatures across the country, and it is possible that AB 1710 will be the first of several similar laws enacted in other states.  Additionally, many of California’s laws serve as models for Congressional action at the federal level.

The law will become effective on January 1, 2015.