BILL NUMBER: SB 1444
INTRODUCED BILL TEXT

INTRODUCED BY Senator Hertzberg

FEBRUARY 19, 2016

An act to amend Section 1798.21 of the Civil Code, relating to personal information.

LEGISLATIVE COUNSEL'S DIGEST

SB 1444, as introduced, Hertzberg. Personal information: privacy: state agencies: mitigation and response plans.

Existing law authorizes an agency, as defined, to maintain in its records only that personal information that is relevant and necessary to accomplish a purpose of the agency, required or authorized by the California Constitution or statute, or mandated by the federal government.

Existing law requires each state agency that maintains personal information to establish appropriate and reasonable administrative, technical, and physical safeguards to ensure compliance with law, to ensure the security and confidentiality of records, and to protect against anticipated threats or hazards to the security or integrity of the records that could result in any injury.

Existing law requires an agency that owns or licenses computerized data that includes personal information, as defined, to disclose a breach of the security of the system in the most expedient time possible and without unreasonable delay, as specified.

This bill would require a state agency that owns or licenses computerized data that includes personal information to prepare a mitigation and response plan for breach of the database that contains the personal information.

Vote: majority. Appropriation: no. Fiscal committee: yes. State-mandated local program: no.

THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS:

SECTION 1.
Section 1798.21 of the Civil Code is amended to read:

1798.21. (a) Each agency shall establish appropriate and reasonable administrative, technical, and physical safeguards to ensure compliance with the provisions of this chapter, to ensure the security and confidentiality of records, and to protect against anticipated threats or hazards to the security or integrity of the records that could result in any injury.

(b) An agency that owns or licenses computerized data that includes personal information shall prepare a mitigation and response plan for breach of the database that contains the personal information.