PS 021 - SIMM 5340- C: Requirements to Respond to Incidents Involving a Breach of Personal Information UPDATESProcedures/Standards Update: July 2022
Agency Chief Information Officers (AIO)
Chief Information Officers (CIO)
Information Security Officers (ISO)
SIMM 5340- C: Requirements to Respond to Incidents Involving a Breach of Personal Information UPDATES
CDT, OIS developed the Requirements to Respond to Incidents Involving a Breach of Personal Information (SIMM 5340-C) to ensure adherence to breach notification requirements. Civil Code Sections §1798.29, §1798.81.5 and §1798.82 were amended by AB 825 (Ch 527, Statutes of 2021) to add genetic data as a breach “notice- triggering” data element. SIMM 5340-C and the corresponding breach notification templates were updated to include the new element. All agencies/state entities must ensure that incident response to breach of personal information for their respective organization(s) comply with the updated standards outlined in SIMM Section 5340-C.
The purpose of this Procedures/Standards update is to announce:
- SIMM 5340-C, the definition of personal information was revised to include genetic data as a “notice- triggering” element.
The following reference materials are associated with this procedures/standards update. SIMM is available on the CDT’s website located at Policy – SIMM. The State Administrative Manual (SAM) is available on the Department of General Services website located at: SAM – DGS.
- SAM Section 5100
- SAM Section 5300.3
- SAM Section 5340
- SIMM Section 5340-C