California Expands Definition of Personal Information in Security Safeguards Statute | Practical Law

California Expands Definition of Personal Information in Security Safeguards Statute | Practical Law

California has expanded the definition of personal information in its security safeguards statute to include health insurance information and a username or email address combined with a way to access an online account.

California Expands Definition of Personal Information in Security Safeguards Statute

Practical Law Legal Update 9-617-4546 (Approx. 3 pages)

California Expands Definition of Personal Information in Security Safeguards Statute

by Practical Law Intellectual Property & Technology
Published on 16 Jul 2015California
California has expanded the definition of personal information in its security safeguards statute to include health insurance information and a username or email address combined with a way to access an online account.
On July 14, 2015, California Governor Edmund G. Brown signed A.B. 1541, expanding the definition of personal information (PI) in California's PI security safeguards statute (Cal. Civ. Code § 1798.81.5).
The newly-expanded definition covers:
  • Health insurance information, which includes:
    • an individual's insurance policy number or subscriber identification number;
    • any unique identifier used by a health insurer to identify the individual; or
    • any information in an individual's application and claims history, including any appeals records.
  • A user-name or e-mail address combined with a password or security question and answer for access to an online account.
The expanded definition brings the safeguards statute's definition in line with the definition of PI under the data breach notification statute (Cal. Civ. Code § 1798.82).