California’s data breach notification law has now expanded to cover medical information. AB1298, which took effect on Tuesday, extends notification requirements from financial information to include unencrypted medical histories or information, as well as unencrypted insurance policy information.

The information must include the name of the resident, but it does not require a Social Insurance Number in order to trigger the notification. The law will be applied to the government and any business within California (including those with headquarters outside the state).

Robert Herrell, a legislative assistant to Assemblyman Dave Jones, D-Sacramento, who wrote the bill, says:

“We may be as unpleasantly surprised with this becoming law as (with) the data-breach notification law in 2003.”

Essentially, this law will be showing us just how many breaches have been happening without any public knowledge. This is a step forward in addressing the growing issue of medical identity theft.

Via sfgate ; Tags: data breach, california, medical, medical information, data breach notification, law