The Governor of California State has signed several bills into law directed at protecting data privacy. These include a bill that amends provisions of the Californian Information Practices Act (IPA) to prohibit the sale, advertisement for sale or offer to sell of an individual’s social security number, together with a number of changes regarding data breach notification requirements [PeepBeep!]. Most significantly, if an entity providing a data breach notification was the origin of the breach, it must offer to provide identity theft prevention and mitigation services at no cost for at least one year to those individuals who had (or may have had) certain personal information exposed.

In 2016, California will also introduce the highest level of statutory protection for student privacy within the US, the Student Online Personal Information Protection Act (SOPIPA). SOPIPA applies to operators of websites, online services, online applications or mobile applications. While it authorises disclosure of a student’s covered information under specified circumstances, SOPIPA prohibits actions such as selling a student’s information or knowingly engaging in targeted advertising to students or their guardians.

SOPIPA also requires that operators implement and maintain reasonable security procedures and practices. These include protecting student information from unauthorised access, destruction, use, modification or disclosure; deleting a student’s covered information upon request of a school or district; and, limiting schools’ monitoring of student social media accounts.

Alison Knight