Doug Simpson points out that California’s Office of Privacy Protection has issued a set of recommendations for businesses to comply with California’s requirement that they notify customers of security breaches (California Guide on Disclosure of Personal Info Security Breach). You can find links to all of California’s recommendations here (Recommended Practices). The specific guide is here (Recommended Practices on Notification of Security Breach Involving Personal Information [PDF]). The 39-page document covers protection and prevention, preparation for notification and notification itself. Additionally, it has many other resources, such as sample notification letters and the California laws in question and a benchmark study on compliance.
From: [The Importance Of]