We are independent & ad-supported. We may earn a commission for purchases made through our links.
Advertiser Disclosure
Our website is an independent, advertising-supported platform. We provide our content free of charge to our readers, and to keep it that way, we rely on revenue generated through advertisements and affiliate partnerships. This means that when you click on certain links on our site and make a purchase, we may earn a commission. Learn more.
How We Make Money
We sustain our operations through affiliate commissions and advertising. If you click on an affiliate link and make a purchase, we may receive a commission from the merchant at no additional cost to you. We also display advertisements on our website, which help generate revenue to support our work and keep our content free for readers. Our editorial team operates independently of our advertising and affiliate partnerships to ensure that our content remains unbiased and focused on providing you with the best information and recommendations based on thorough research and honest evaluations. To remain transparent, we’ve provided a list of our current affiliate partners here.
Technology

Our Promise to you

Founded in 2002, our company has been a trusted resource for readers seeking informative and engaging content. Our dedication to quality remains unwavering—and will never change. We follow a strict editorial policy, ensuring that our content is authored by highly qualified professionals and edited by subject matter experts. This guarantees that everything we publish is objective, accurate, and trustworthy.

Over the years, we've refined our approach to cover a wide range of topics, providing readers with reliable and practical advice to enhance their knowledge and skills. That's why millions of readers turn to us each year. Join us in celebrating the joy of learning, guided by standards you can trust.

What is SB 1386?

Jessica Ellis
By
Updated: May 17, 2024
Views: 5,170
Share

SB 1386, also known as the Security Breach Law, is a California law that regulates customer notification of security breaches that pose a risk to the security of private information. The 2003 law is a landmark piece of legislation that amended earlier laws in an attempt to fight increasing levels of computerized identity theft. SB 1386 makes any company that requests or maintains private information, such as account numbers or driver's license numbers, legally required to notify California residents of any security breach that poses a reasonable risk to personal data.

The goal of SB 1386 is partly to ensure that companies take adequate precautions in guarding private data. Just as a person wouldn't put valuables in a safe from a company known for poor locks, neither should a person put important personal data in the hands of a business that does not take fair measures to ensure that it cannot be stolen and used for identity theft person. Critics suggest that the law unfairly requires victims, meaning the businesses, of a crime like hacking publicly announce their victimization. Proponents, on the other hand, suggest that the true victims are those whose data has been compromised, and that the law prevents companies from preserving their reputation by concealing security breaches at a risk to the safety of employees or customers.

Though identity theft has long been a criminal element, the anonymity of the Internet has given thieves a far greater opportunity to make use of stolen personal data. The law was created in response to law enforcement studies that noticed a marked rise in the levels of identity theft since use of computerized, Internet-accessible databases became popular. By making companies responsible for the safety of employee or customer data, SB 1386 took a large step toward changing the concept of the value of personal data.

SB 1386 specifically requires that three types of companies speedily inform customers of a breach: those that have any employees or customers in California, outsourced companies that work with employees or customers in California, or those that gather and hold any computerized information on California residents. The law covers the behavior of all organizations, including private businesses, schools, and public offices.

A breach requires reporting if there is a reasonable belief that information may have been compromised. Information that qualifies for report includes the first and last name or first initial and last name of any customer or employee in combination with personal data such as a driver's license, Social Security card, bank account number, credit or debit card information, or security passwords. If a breach is suspected, any person with database entry must be promptly notified by email, phone call, letter, or prominent post on company website. Failure to comply with SB 1386 can result in a civil lawsuit.

Share
WiseGeek is dedicated to providing accurate and trustworthy information. We carefully select reputable sources and employ a rigorous fact-checking process to maintain the highest standards. To learn more about our commitment to accuracy, read our editorial process.
Jessica Ellis
By Jessica Ellis
With a B.A. in theater from UCLA and a graduate degree in screenwriting from the American Film Institute, Jessica Ellis brings a unique perspective to her work as a writer for WiseGeek. While passionate about drama and film, Jessica enjoys learning and writing about a wide range of topics, creating content that is both informative and engaging for readers.

Editors' Picks

Discussion Comments
Jessica Ellis
Jessica Ellis
With a B.A. in theater from UCLA and a graduate degree in screenwriting from the American Film Institute, Jessica Ellis...
Learn more
Share
https://www.wisegeek.net/what-is-sb-1386.htm
Copy this link
WiseGeek, in your inbox

Our latest articles, guides, and more, delivered daily.

WiseGeek, in your inbox

Our latest articles, guides, and more, delivered daily.