California AB-1298 is a state data privacy law which protects personally identifiable information. California AB-1298 in was signed into law October 14, 2007 and became effective January 1, 2008. The law applies to any person, business, or state agency that conducts business in California and owns or licenses unencrypted computerized data that includes personally identifiable information.

This law is an amendment to California SB-1386 to include medical information and health information in the definition of personal information.

The regulation looks for at least one match to personally identifiable information, as defined through the following content blades:

  • Admittance and Discharge Dates

  • Credit Card Numbers

  • Credit Card Track Data

  • Group Insurance Numbers

  • Health Plan Beneficiary Numbers

  • Healthcare Dictionaries

  • Medical History

  • Patient Identification Numbers

  • US Drivers License Numbers

  • US National Provider Identifiers

  • US Social Security Numbers