California SB 1386 and AB 1950

California SB 1386 and AB 1950 require organisations operating in the State of California to notify Californians if personal/private information is disclosed during a security breach.
Personal information is defined as an individual’s first name or first initial and last name with any of the following;

Social Security number,

Driver’s license number or California Identification Card number, or

Account number, credit or debit card number, in combination with an authentication token which would allow access to the account in question.

AB 1950 added medical information to the information to be protected, and extended the responsibility to organizations outside of the State if information on Californian residents is collected.

The Snare Server, from InterSect Alliance, provides a centralised collection, analysis, reporting and archival function for a variety of audit log sources, and is used by several organisations to meet federal guidelines associated with SB 1950/AB 1386.

---

Snare provides a central collection, analysis, reporting and archival capability for a variety of operating systems, appliances, and servers, including:
Windows NT/2000/XP/2003	Linux	Solaris	AIX	Irix
Tru64	ACF2	RACF	CISCO Routers / IOS	CISCO 6500 Firewall
CISCO Pix Firewall	CyberGuard Firewall	CheckPoint Firewall 1	Gauntlet Firewall	Netgear Firewall
Netgear Router	Netscreen Firewall	Nortel VPN devices	IPTables Firewall	Microsoft ISA Server
Microsoft IIS Server	Microsoft FTP Server	Microsoft Exchange Server	Microsoft Chat Server	Microsoft Proxy Server
Apache	Squid	Point of Sale terminals (POS)	Lotus Notes	Snort NIDS
IBM Socks Server	Universal Log Format	Generic Syslog Data