Businesses operating in California and Nevada will need to examine the security measures that protect “personal information” that they share with others as part of their operations.
The two states are expanding the definition of “personal information” and are requiring companies that share the information to not only take extra security precautions themselves when managing the information, but to ensure that any entities they share information with also abide by strict security measures.
In a recent alert to clients and others, the law firm Ballard Spahr cautioned that companies doing business in the two states need to immediately review their “personal information” protection policies and systems.
California’s new law takes effect Jan. 1, 2016. Nevada’s took effect July 1.
The new regulations, which are similar, the firm said, apply “to two broad categories of businesses—those which own, license, or maintain personal information about California [and Nevada] residents, and businesses which, pursuant to contract, disclose personal information about California [and Nevada] residents to unaffiliated third parties,” the law firm said.
“When disclosing personal information, businesses are also required to ‘pay (the protection) forward’ by including, in the agreements with the third parties to whom information is disclosed, contractual provisions mandating implementation of reasonable security measures.”
The new regulations don’t apply to businesses that are already taking strict security measures, i.e., those bound by HIPAA rules.
The information covered by the regulations includes “a person’s name in combination with his or her Social Security number, driver’s license or [state] identification card, credit or debit card number and password, or medical information,” Ballard Spahr said. “When the amendments take effect, ‘personal information’ will also include a person’s name coupled with his or her health insurance information, and a username or email address in combination with a password or security question and answer that would permit access to an online account.”
Health insurance information that falls under the new laws include policy or subscriber identification numbers as well as “any unique identifier used by a health insurer to identify an individual, or any information in an individual’s application and claims history, including any appeals records.”
Complete your profile to continue reading and get FREE access to BenefitsPRO, part of your ALM digital membership.
Your access to unlimited BenefitsPRO content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking benefits news and analysis, on-site and via our newsletters and custom alerts
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the property casualty insurance and financial advisory markets on our other ALM sites, PropertyCasualty360 and ThinkAdvisor
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Dan Cook
Dan Cook is a journalist and communications consultant based in Portland, OR. During his journalism career he has been a reporter and editor for a variety of media companies, including American Lawyer Media, BusinessWeek, Newhouse Newspapers, Knight-Ridder, Time Inc., and Reuters. He specializes in health care and insurance related coverage for BenefitsPRO.
