What is a data breach?
California law defines a breach very specifically: an unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by the entity (meaning a business).
This includes anything defined as personal information under the CCPA. This is sometimes called “name +” - an individual’s name PLUS something else, like a social security number, driver's license number, etc.
In case of a breach, an organization may be required to notify any individual whose unencrypted personal information was subject to the data breach. If a company needs to notify more than 500 California residents as a result of a single breach, the company needs to notify the Attorney General as well.
Make sure your preparation and compliance plans are up to speed, to minimize the consequences of any data breach.