California has amended its data breach notification law to include biometric and other identifiers.
The bill (AB 1130), signed by Gov. Gavin Newsom on October 11, revises the definition of personal information for purposes of data breach notification requirements to add specified unique biometric data and tax identification numbers, passport numbers, military identification numbers, and unique identification numbers issued on a government document in addition to those for driver’s licenses and California identification cards to these provisions.
This also authorizes a person or business that is required to issue a security breach notification to include in a notification for a breach involving biometric data, instructions on how to notify other entities that used the same type of biometric data as an authenticator to no longer rely on the data for authentication purposes.