TO:
Agency Chief Information Officers (AIO)
Chief Information Officers (CIO)
Information Security Officers (ISO)
SUBJECT:
SIMM 5340-C: Requirements to Respond to Incidents Involving a Breach of Personal Information UPDATES
BACKGROUND:
CDT, OIS developed the Requirements to Respond to Incidents Involving a Breach of Personal Information (SIMM 5340-C) to ensure adherence to breach notification requirements. Civil Code Sections §1798.29, §1798.81.5 and §1798.82 were amended by AB 825 (Ch 527, Statutes of 2021) to add genetic data as a breach “notice-triggering” data element. SIMM 5340-C and the corresponding breach notification templates were updated to include the new element. All agencies/state entities must ensure that incident response to a breach of personal information for their respective organization(s) complies with the updated standards outlined in SIMM Section 5340-C.
PURPOSE:
The purpose of this Procedures/Standards update is to announce:
- In SIMM 5340-C, the definition of personal information was revised to include genetic data as a “notice-triggering” element.
REFERENCES:
The following reference materials are associated with this procedures/standards update. SIMM is available on the CDT’s website located at Policy – SIMM. The State Administrative Manual (SAM) is available on the Department of General Services website located at: SAM – DGS.
- SAM Section 5100
- SAM Section 5300.3
- SAM Section 5340
- SIMM Section 5340-C