Roughly 3 months after suffering an infringement of personal information, Washington Town Health Care District has tendered an infringement notification to the California Attorney General’s Office describing an infringement of personal information of Californians.
The information infringement was found out on October 8, 2015, and included the possible opening of a Washington Community Health Resource Library computer system by an illegitimate person. In the incident, a library ID card record was possibly compromised. The record contained names, addresses, as well as drivers’ license numbers. In the security breach, other data were left unchanged. Upon discovery of the security infringement, an investigation was initiated and an external computer forensics company was hired in this respect. Even though no proof was found to suggest the record file was opened, it remains a probability.
As a reaction to the infringement, information security plans are being studied and will be revised, as required, to reinforce security. Right now, it’s not clear how many persons were influenced. All have been offered one year of credit supervising services free of charge.
Revised Californian Infringement Notification Laws Now Operational
October updates to California infringement notification laws came into effect on January 1, 2016. The new laws demand all organizations suffering data infringements that affect Californians to issue infringement notices in a fresh format to help understand.
The law modification demands infringement notification letters to be written in simple English, have the heading “Notice of Data Breach”, as well as offer information under particular headings: “What Occurred?”, “What Kind of Information Was Entailed?”, “What Are We Performing?”, “What Can You Perform?” and “For Additional Information.”
The organization suffering the infringement is additionally demanded to put a “Notice of Data Breach” in a conspicuous place on its website, if one is maintained, and that should remain for a period of more than 30 days. A digital copy of a sample infringement notice should also be dispatched to the California Attorney General’s office in case of an infringement of “personal information” affecting over 500 people.
Infringement notification letters should be issued within a reasonable time, except when doing so might undermine a law enforcement inquiry. It’s unclear whether this was the issue and was the reason for the adjournment. Under the fresh infringement notification rules, if this is the situation it should be stated in the notices.