Skip to main content

California Data Breach Report

CSR Thoughts...

In reference to the California Data Breach Report, the state attorney general provided a massive amount of insight and statistics.  Included in the report are four recommendations.  Recommendation #1 is important to note because if not followed, it constitutes a lack of reasonable security.  

Feb 2016


California Department of Justice

Recommendation 1:  The 20 controls in the Center for Internet Security’s Critical Security Controls identify a minimum level of information security that all organizations that collect or maintain personal information should meet. The failure to implement all the Controls that apply to an organization’s environment constitutes a lack of reasonable security.