Definition of “Reasonable” Information Security in California

On February 16, 2016, California Attorney General Kamala D. Harris released the California Data Breach Report 2012-2015 (the “Report”), which provided a comprehensive analysis of the data breaches reported to the Attorney General’s office during the covered years, as well as set forth concrete recommendation for minimum data security that would be considered “reasonable” under California law.

 

According to the Report, in the past four years, the Attorney General has received reports on 657 data breaches, affecting a total of over 49 million records of Californians. These breaches occurred in all sectors of the economy. The greatest threat to security, both in the number of breaches and the number of records breached, was presented by malware and hacking, followed by physical breaches, breaches caused by insider errors, and breaches caused by insider misuse. The most breached data types were Social Security numbers and medical information.

 

To read the full blog post, click here.