California SB 1386 and AB 1950
California SB 1386 and AB 1950 require organisations operating in the State of California to notify Californians if personal/private information is disclosed during a security breach.
Personal information is defined as an individual’s first name or first initial and last name with any of the following;
Social Security number,
Driver’s license number or California Identification Card number, or
Account number, credit or debit card number, in combination with an authentication token which would allow access to the account in question.
AB 1950 added medical information to the information to be protected, and extended the responsibility to organizations outside of the State if information on Californian residents is collected.
The Snare Server, from InterSect Alliance, provides a centralised collection, analysis, reporting and archival function for a variety of audit log sources, and is used by several organisations to meet federal guidelines associated with SB 1950/AB 1386.