California Senate Bill 1386 of 2002 (SB 1386)


Also known as the Database Breach Notification Act, SB 1386 was drafted to protect electronically stored personal information of Californian residents.

SB 1386 requires organizations to disclose any security breach of unencrypted personal information.

SB 1386 does not depend on an audit committee or regulatory body for compliance; instead, the power is in the hands of California residents and the State of California.

These organizations are required to demonstrate due diligence in protecting customer databases from internal and external threats and unauthorized access. This level of security is necessary to ensure companies maintain data integrity and privacy for employees, customers, and shareholders.

If a company experiences a security breach and does not notify the affected Californian residents in an expedient manner, the State can bring criminal proceedings against the company and the affected residents can initiate civil actions to recover damages.

Using Pivot Group to Assist with SB 1386 Compliance

  • Policies, Processes, and Procedures Reviews and Improvement
  • Risk Assessments
  • Monitoring, Auditing, and Reporting
  • Technology Recommendations and Deployment
  • Best Practice Education
  • Incident Response Program Development

For more information about California SB 1386, please refer to our Resource Guide.