California Data Breach Report and Recommendations Establishing Minimum Standard of Care

In February 2016, California’s attorney general released a comprehensive analysis of data breaches reported to her office from 2012 to 2015 and issued recommendations to improve privacy and security practices. The recommendations establish a minimum standard of care for safeguarding personal information. The California recommendations state that “[t]he failure to implement all the Controls that apply to an organization’s environment constitutes a lack of reasonable security.” In addition, the report recommends the use of multifactor authentication, strong encryption of data in transit, and fraud alerts on credit files for victims of data breaches involving Social Security or driver’s license numbers.View the report.