California AB-1298 is a state data privacy law which protects personally identifiable information. California AB-1298 in was signed into law October 14, 2007 and became effective January 1, 2008. The law applies to any person, business, or state agency that conducts business in California and owns or licenses unencrypted computerized data that includes personally identifiable information.
This law is an amendment to California SB-1386 to include medical information and health information in the definition of personal information.
The regulation looks for at least one match to personally identifiable information, as defined through the following content blades:
Admittance and Discharge Dates
Credit Card Numbers
Credit Card Track Data
Group Insurance Numbers
Health Plan Beneficiary Numbers
Patient Identification Numbers
US Drivers License Numbers
US National Provider Identifiers
US Social Security Numbers