On October 11, 2019, California Governor Gavin Newsom signed into law Assembly Bill 1130, which amends The Information Practices Act of 1977, as well as California Civil Code §§ 1798.29, 1798.81.5 and 1798.82.
The bill expands the definition of "personal information" under the California data breach notification statutes applicable to businesses and to government agencies (Cal. Civ. Code §§ 1798.29, 1798.82), as well as the California information security standards statute, which requires businesses to implement and maintain reasonable security measures to protect personal information (Cal. Civ Code § 1798.81.5).
"Personal information" previously included (when combined with an individual's name) a Social Security number, driver's license number, California identification card number, financial account number with means to access the account, medical information, health insurance information, username or email with password (individual's name not necessary), and information collected by automated license plate recognition systems.
Following the passage of AB 1130, "personal information" now also includes the following data elements:
Tax identification numbers; Passport numbers; Military identification numbers; Unique identification numbers issued on a government document commonly used to verify the identity of a specific individual; and Unique biometric data such as a fingerprint...