California Senate Bill 1386 (SB 1386), signed into law in September 2002 and in effect since July 1, 2003, requires institutions and organizations that collect certain personal information to protect it against identity theft. In addition, if an incident occurs that involves the compromise of personal information, the individuals whose personal information may have been compromised must be notified of the breach in the most expedient time possible and without unreasonable delay.

Requirements

This guideline covers instances of unauthorized access to personal data as well as unauthorized or improper distribution of personal data. In this context, unauthorized or improper use includes any distribution of personal data, obtained through authorized access, that falls outside the scope of the originally intended use.

For the purpose of this guideline, personal information is defined to mean an individual's first name, or first initial, and last name in combination with one or more of the following data elements, where either the name or the data element is not encrypted:

  • Social security number,
  • Driver's license number or California identification card number,
  • Financial account number, credit card number, or debit card number, in combination with any required security code, access code, or password that would permit access to the individual's financial account.

For the purpose of this guideline, the notification obligation is triggered when unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. In the case of any unauthorized intrusion into a server that stores personal information, it may be concluded that the personal information stored there was not acquired only if a reasonable technical evaluation, conducted according to accepted forensic best practices (for example, review of access and authentication logs, file access times, and network traffic records for the period of the intrusion), supports that conclusion. Absent such evidence, acquisition should be assumed and the affected individuals notified.

AAXIS Role

AAXIS Group can assist organizations, drawing on its experience implementing SB 1386 provisions in a number of Fortune 100 companies. AAXIS Group can:

  • Coordinate assessment and communication efforts in the case of an incident,
  • Ensure the maintenance of the Sensitive Data Incident tracking database,
  • Ensure that post-incident evaluations are conducted and documented,
  • Support policy modifications resulting from Sensitive Data incidents,
  • Ensure the maintenance of the Sensitive Data Incident documentation repository,
  • Provide a safeguarding methodology for Non-Public Personal Information (NPI) by applying proven, SB 1386-compliant rules,
  • Provide technology to prevent misuse of NPI data,
  • Provide effective SDLC processes, in combination with SOX compliance rules, to prevent human error,
  • Provide effective monitoring and auditing capabilities for the ongoing safeguarding of NPI data.

Copyright © 2005. AAXIS Group Corporation. All rights reserved.