Recent amendments to California statutes governing breach notification and data safeguards impose new obligations by: (1) enhancing breach notification requirements relating to offerings of “identity theft prevention and mitigation services”; (2) expanding the statutory requirement to implement reasonable security measures to protect personal information so that it applies not only to businesses that own or license personal information, but also to third party service providers that maintain such personal information for others; and (3) prohibiting the sale, advertisement for sale, or offer to sell an individual’s Social Security number. (Read more)