Photo of Robin B. Campbell

Robin B. Campbell is a senior counsel and co-chair of the firm's Privacy & Cybersecurity Group. She is also a member of the firm's Health Care Group. She focuses on the development and implementation of information management strategies for the handling of personal information, including employee, customer, and consumer information. Robin provides a variety of privacy and security counseling, and has twice been seconded to clients to serve as their in-house privacy lead, once in the health care industry and once in the automotive industry.

On September 30, 2014, California Governor Jerry Brown signed into law Assembly Bill 1710, which contains a new set of personal information protections that affect all businesses that “own, license, or maintain personal information about Californians.” In what may become a precedent for other jurisdictions, the law includes the nation’s first mandatory state requirement for breached entities to offer breach mitigation services – including credit monitoring – to all affected individuals. Further, the law includes new restrictions on the sale of social security numbers (SSNs). These amendments to the existing California Civil Code Sections 1798.81.5, 1798.82, and 1798.85 will take effect on January 1, 2015.

While offering some sort of breach mitigation services has become common practice for breached entities, California will now require any notifying entity that is the source of a breach to “offer to provide appropriate identity theft prevention and mitigation services … at no cost to the affected person for not less than 12 months.” This obligation will apply only to breaches involving Californians’ names combined with an SSN, driver’s license number, or California ID number.

Continue Reading