CA AB1710

Requires businesses that own, license, or maintain personal information about California residents to implement and maintain reasonable security procedures and practices to protect against unauthorized access, destruction, use, modification, or disclosure.

Mandates that when a business is the source of a security breach exposing social security numbers or driver's license/ID card numbers, it must offer identity theft prevention and mitigation services at no cost to affected persons for at least 12 months.

Expands security breach notification requirements to include specific content such as breach date, description of incident, credit reporting agency contact information, and offers of identity theft protection services.

Prohibits the sale, advertisement for sale, or offer to sell of an individual's social security number, with limited exceptions for legitimate business purposes authorized by law.

Maintains existing restrictions on publicly posting social security numbers, printing them on access cards, requiring transmission over unsecured internet connections, or mailing them on materials not requiring an envelope.