What does “Building Security in Business Requirements” mean? “Business Security Requirements,” short for BSR, focuses on gathering security requirements in a structured and uniform method. This process enables businesses to build business and technical requirements in... Read MoreRead more about What does “Building Security in Business Requirements” mean?
Why must state agencies submit their notices to the Office of Information Security for review and approval before they are released to affected individuals? In order to be effective and helpful to individuals placed in jeopardy by a breach, the notice must contain the... Read MoreRead more about Why must state agencies submit their notices to the Office of Information Security for review and approval before they are released to affected individuals?
Are there alternatives to making notification by written letter to the individual? Yes. The law provides for substitute notification (see Civil Code Section 1798.29(g) (3)) such that the notice must be made by email, website posting, and major statewide media (all... Read MoreRead more about Are there alternatives to making notification by written letter to the individual?
What must the notice say? The notice must contain the appropriate elements given the facts involved. To be helpful to the recipient, the notice must contain, at a minimum, a clear indication of what happened, what specifically is at risk, and what the recipient can or... Read MoreRead more about What must the notice say?
What other authority does the state have which supports the notification requirement? State policy was adopted to require the reporting of security incidents involving personal, confidential, or sensitive information maintained in paper documents and other media... Read MoreRead more about What other authority does the state have which supports the notification requirement?