Cross Posted from California Peculiarities Employment Law Blog
Hernandez v. Sprouts Farmers Market, Inc., a case stemming from a phishing scam, emphasizes the need for California employers to implement comprehensive data protection and data breach notification policies and practices for personal employee information under the CDPA.
A story of a company suffering a data breach tops newspaper headlines almost daily. So how can you stay out of the “fuego,” and stay compliant with California laws about your employees’ and customers’ data?
California’s Data Protection Act—“Army Of One”
In 2003 California passed the nation’s first data breach notification statute: the CDPA. Since then, over 30 states have enacted similar statutes, but California remains the national leader in privacy and data security standards.
The CDPA mandates that any business that “owns or licenses personal information about a California resident shall implement and maintain reasonable security procedures and practices appropriate to the nature of the information, to protect the personal information from unauthorized access, destruction, use, modification, or disclosure.” And it requires a company to notify affected individuals of a data breach “in the most expedient time possible and without unreasonable delay.”