New California Law Mandates "Reasonable" Security Measures for All Personal Data Concerning California Citizens

In the latest of what seems to be a never ending series of California laws protecting the privacy and security of California residents, California has enacted the first over-arching data security law in the United States. The bill is broadly written, and requires companies that own or license personal information about a California resident, and do not encrypt that data, to: 1) implement and maintain reasonable security procedures and practices to protect the information from unauthorized access, destruction, use, modification or disclosure; and 2) to the extent the company provides personal information to third parties, to require by contract that the third party implement and maintain similar security measures.