(a) (1) It is the intent of the Legislature to ensure that personal information about California residents is protected. To that end, the purpose of this section is to encourage businesses that own, license, or maintain personal information about Californians to provide reasonable security for that information. (2) For the purpose of this section, the terms âownâ and âlicenseâ include personal information that a business retains as part of the businessâ internal customer account or for the purpose of using that information in transactions with the person to whom the information relates. The term âmaintainâ includes personal information that a business maintains but does not own or license. (b) A business that owns, licenses, or maintains personal information about a California resident shall implement and maintain reasonable security procedures and practices appropriate to the nature of the information, to protect the personal information from unauthorized access, destruction, use, modification, or disclosure. (c) A business that discloses personal information about a California resident pursuant to a contract with a nonaffiliated third party that is not subject to subdivision (b) shall require by contract that the third party implement and maintain reasonable security procedures and practices appropriate to the nature of the information, to protect the personal information from unauthorized access, destruction, use, modification, or disclosure. (d) For purposes of this section, the following terms have the following meanings: (1) âPersonal informationâ means either of the following: (A) An individualâs first name or first initial and the individualâs last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted or redacted: (i) Social security number. (ii) Driverâs license number, California identification card number, tax identification number, passport number, military identification number, or other unique identification number issued on a government document commonly used to verify the identity of a specific individual. (iii) Account number or credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individualâs financial account. (iv) Medical information. (v) Health insurance information. (vi) Unique biometric data generated from measurements or technical analysis of human body characteristics, such as a fingerprint, retina, or iris image, used to authenticate a specific individual. Unique biometric data does not include a physical or digital photograph, unless used or stored for facial recognition purposes. (vii) Genetic data. (B) A username or email address in combination with a password or security question and answer that would permit access to an online account. (2) âMedical informationâ means any individually identifiable information, in electronic or physical form, regarding the individualâs medical history or medical treatment or diagnosis by a health care professional. (3) âHealth insurance informationâ means an individualâs insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual, or any information in an individualâs application and claims history, including any appeals records. (4) âPersonal informationâ does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. (5) âGenetic dataâ means any data, regardless of its format, that results from the analysis of a biological sample of an individual, or from another source enabling equivalent information to be obtained, and concerns genetic material. Genetic material includes, but is not limited to, deoxyribonucleic acids (DNA), ribonucleic acids (RNA), genes, chromosomes, alleles, genomes, alterations
‹ Prev All California sections Next ›
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.