“Personal information” means any information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including his or her name, signature, medical information, or health insurance information. “Personal information” does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records.
“Personal information” as used in this section means any information that when it was disclosed identified, described, or was able to be associated with an individual and includes all of the following: height; weight; medical condition; drugs, therapies, or medical products or equipment used.
When customer records that contain personal information (including medical information) are no longer to be retained, a business shall take all reasonable steps to dispose of the records by shredding, erasing, or otherwise modifying the personal information in those records to make it unreadable or undecipherable through any means.
This section defines "personal information" to include medical information. The section defines "medical information" as any information regarding an individual's medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional. The section excludes from the meaning of "personal information" any publicly available information that is lawfully made available to the general public from federal, state, or local government records.
With some exceptions, if a business has an established business relationship with a customer and has within the immediately preceding calendar year disclosed personal information, including medical conditions and drugs, therapies, or medical products/equipment used, to third parties that used the personal information for direct marketing purposes, that business shall, upon request from the customer, provide to the customer free of charge: (1) a list of the categories of personal information disclosed by the business to third parties for the third parties' direct marketing purposes during the i
A business that owns or licenses personal information about a California resident shall implement and maintain reasonable security procedures and practices to protect the personal information from unauthorized access, destruction, use, modification, or disclosure. A business that discloses personal information about a California resident pursuant to a contract with a nonaffiliated third party shall require by contract that the third party implement similar security procedures.
Any person or business that conducts business in California, and that owns or licenses computerized data that includes personal information, shall disclose any security breach to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.