Certified Information Privacy Professional – United States (CIPP/US) — Question 109

California’s SB 1386 was the first law of its type in the United States to do what?

Answer options

• A. Require commercial entities to disclose a security data breach concerning personal information about the state’s residents
• B. Require notification of non-California residents of a breach that occurred in California
• C. Require encryption of sensitive information stored on servers that are Internet connected
• D. Require state attorney general enforcement of federal regulations against unfair and deceptive trade practices

Correct answer: A

Explanation

The correct answer is A because California's SB 1386 specifically requires businesses to disclose data breaches involving personal information of state residents. The other options do not accurately reflect the law's requirements, as they pertain to notifications outside of California, encryption mandates, or enforcement of federal laws, which are not covered by SB 1386.