California Governor Arnold Schwarzenegger recently signed legislation amending California's landmark notice of security breach law. Though the California law was the first of its kind in the nation, other states already had passed more comprehensive disclosure requirements. California law requires disclosure of security breaches involving "personal information," which previously was defined as an individual's name in addition to: Social Security number; driver's license number or California identification card number; or an account number, or credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account.

The recent amendment to the California law added two new categories of information to the definition of "personal information": "medical information" and "health insurance information" — both of which now must be disclosed under this law. "Medical information" is defined as any information regarding an individual's medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional. "Health insurance information" is an individual's health insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual, or any information in an individual's application and claims history, including any appeals records.

This amendment becomes effective January 1, 2008, and represents a dramatic increase in the scope of the California law, particularly for those in the health care and insurance industries as well as for any company that retains medical or health insurance information regarding its employees or customers.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.