CA SB1444

Requires state agencies that own or license computerized data containing personal information to develop a computerized personal information security plan detailing their strategy to respond to security breaches.

Security plans must include an inventory of personal information held, identification of resources and an incident response team, communication procedures for breach notification, and training policies for personnel.

Plans must include a process for regularly reviewing and improving the security plan to address evolving threats.

Establishes legislative findings noting that since 2012, 657 data breaches have exposed over 49 million records to fraudulent use, with malware and hacking attacks presenting the greatest risk.

Applies to personal information as defined in existing California information privacy law, including social security numbers, driver's license information, and dates of birth.