Wellpoint Class Action

Investigation Information, lawsuit news & updates

Case evaluation:

Recent News:

Securities Exchange Act of 1934
Posted on: 04.23.2008.
The Securities Exchange Act of 1934 is a law governing what is and is not legal in the secondary trading of securities (stocks, bonds, and debentures). The Act, 48 Stat. 881 (June 6, 1934), codified at 15 U.S.C. § 78a et seq., was a sweeping piece of legisl...

Class Action Filed by Schiffrin Barroway Topaz & Kessler, LLP
Posted on: 04.23.2008.

RADNOR, Pa., 4/22/2008 -- The following statement was issued by the law firm of

Latest Comments

No comments at the moment

Database Security Breach Notification Act (CA SB 1386)

California SB 1386 became effective in on 1st July 2003, amending civil codes 1798.29, 1798.82 and 1798.84.. It is a serious bill, with far reaching implications. Essentially, it requires an agency, person or business that conducts business in California and owns or licenses computerized 'personal information' to disclose any breach of security (to any resident whose unencrypted data is believed to have been disclosed). The bill mandates various mechanisms and procedures with respect to many aspects of this scenario, subject also to other defined provisions.
SB 1386 is a California law regulating the privacy of personal information. The law was introduced by California State Senator Peace on February 12, 2002, and became operative July 1, 2003.

ABSTRACT: Enactment of a requirement for notification to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.

The statute went into effect July 1, 2003, under California Civil Code Section 1798.29, and requires notification to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.

Frequently asked questions:

Q: Can you tell me if this means an out of state corporation must notify a CA resident if their info is compromised, even if they have no nexus with CA?

The statute requires notification if you meet the following:
(1) Any agency that owns or licenses computerized data that includes personal information
(2) shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the data
(3) to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.

My read is that any out of state corporation that has personal information relating to a California resident would fall under this statute. A question on minimum contacts would then ensue as to whether an action may be brought in California to enforce the California resident's rights under the statute.

Q: How can the corporations determine whether they are subject to this statute?

(1) Does their data include "personal information" as defined by the statute?
(2) Does that "personal information" relate to a California resident?
(3) Was the "personal information" unencrypted?
(4) Was there a "breach of the security" of the data as defined by the statute?
(5) Was the "personal information" acquired, or is reasonably believed to have been acquired, by an unauthorized person?
If you answer yes to all five of these questions then you must report.
The statute does not apply to "encrypted" information. Thus one way to avoid reporting is to encrypt all "personal information." You can also avoid reporting if your data does not contain "personal information" relating to a California resident.
Text of CB 1386

Since the state of California passed the Database Security Breach Notification Act (SB 1386) in 2003 another 34 states have passed similar legislation with more set to follow.

10.23.2007.