Posted on January 13, 2012 by Candace J. Martin

California Attorney General Launches On-line Breach Reporting Form

The California Attorney General recently launched an on-line form for businesses to report breaches of security. Effective January 1 of this year, any person or business who issues a breach notification to more than 500 California residents as a result of a single breach is required under the California breach law ((California Civil Code s. 1798.29(a) and California Civ. Code s. 1798.82(a)) to submit notice of the breach to the California Attorney General. The form requires businesses to upload a copy of a sample breach notification form and to submit additional information related to the breach, including:

·         The Date of the breach

·         Date notice was provided to affected individuals

·         Type of personal information involved

·         Type of breach

In addition to the on-line reporting form, the new site also includes a section where residents can view a listing of all breaches that have been submitted to the Attorney General’s office.

Tags: , , , ,
Posted on November 18, 2009 by Christopher Wolf

Agencies Issue Model GLBA Form That Provides Safe Harbor

The Gramm-Leach-Bliley Act ("GLBA") requires covered institutions to notify consumers of their information-sharing practices and inform them of their right to opt out of certain sharing practices.  For years, people have been complaining that the notices sent to consumers were dense and confusing.  Indeed, the Financial Services Regulatory Relief Act of 2006 amended GLBA to required that the financial regulatory agencies propose a succinct, comprehensible model form that would allow consumers to compare easily the privacy practices of different financial institutions, and one that would be easy to read.

Yesterday, after a lengthy drafting process, eight federal regulatory agencies (the Board of Governors of the Federal Reserve System; thr Commodity Futures Trading Commission; the Federal Deposit Insurance Corporation;  the Federal Trade Commission; the National Credit Union Administration; the Office of the Comptroller of the Currency; the Office of Thrift Supervision; and Securities and Exchange Commission) released a final model privacy notice form designed to make it easier for consumers to understand how financial institutions collect and share information about consumers.   The model form provides standardized language in easy-to-read form.

According to the FTC press release, "the agencies conducted extensive consumer research and testing in developing the model form issued today.  Then they solicited public comments and considered those comments in developing a model form that is easier for consumers to understand and use."

The final rule provides that a financial institution that chooses to use the model form obtains a “safe harbor” and will satisfy the disclosure requirements for notices.  Here is a link to the FTC announcement of the model form, which contains links to the form and the rule adopting it.

Tags: , , ,