Notice Triggering Data Review Requirement

Requirement to Conduct an Annual Notice Triggering Data Review

Campus Administrative Officials are required to conduct an annual review of their electronic record systems and register all systems containing notice triggering data.

Background

California SENATE BILL 1386 amended the California Information Practices Act (IPA -- Civil Code 1798.29, 1798.82) to require that any business or agency that uses a computer to store certain types of unencrypted personal information about a California resident, must immediately notify that individual, upon discovering any breach to the computer system on which this information is stored.

Definition of "personal information"

(from CA Civil Code Sections 1798.29, .82, .84, as amended by SB1386:)

(e)  For purposes of this section, "personal information" means an individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted:

      (1)  Social security number.
      (2)  Driver's license number or California Identification Card number.
      (3)  Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account.
      (4)  Medical information.
      (5)  Health insurance information. 

Definition of "notice triggering" data

Notice triggering data is our Campus term for the set of personal information specified in the IPA, that if breached, would require Campus to make a notification.

Related Resources