California AG Releases 2016 Data Breach Report | Practical Law

The California Attorney General has released a Data Breach Report providing a comprehensive analysis of reported data breaches from 2012 to 2015. The report includes recommendations for organizations and policy makers to reduce the frequency and impact of future breaches.

Practical Law Legal Update w-001-4514

by Practical Law Intellectual Property & Technology
Published on 19 Feb 2016 | USA (National/Federal)
On February 16, 2016, California Attorney General Kamala Harris released the 2016 California Data Breach Report. The report details the nature of data breaches reported to the Attorney General's office over the past four years, finding that between 2012 and 2015, there were 657 data breaches, which compromised over 49 million records of Californians’ personal information.
The report also:
  • Includes information on the most common types of data breached, noting that over the past four years, the top three types were:
    • Social Security numbers;
    • payment card data; and
    • medical information.
  • Explains the types of breaches and identifies the types to which each industry sector was most susceptible.
  • Provides recommendations for both organizations and state policy makers to reduce the frequency and impact of future breaches.
The report recommends, among other things, that organizations:
  • Adopt, at a minimum, the 20 controls in the Center for Internet Security’s Critical Security Controls as the baseline to meet when developing a comprehensive information security program.
  • Make multi-factor authentication available on consumer-facing online accounts that contain sensitive personal information.
  • Consistently use strong encryption to protect personal information on laptops and other portable devices and consider using it for desktop computers.
  • Encourage individuals affected by a breach of Social Security numbers or driver’s license numbers to place a fraud alert on their credit files.
The report also recommends that California policy makers harmonize state breach laws.