An employee of Golden State Credit Union viewed member account information, containing Personally Identifiable Information (PII), without having the requisite authority to view such accounts. This action — alone — was sufficient to trigger the notification requirement of the California data breach notification law, at great expense and frustration for the Credit Union, which offered credit monitoring services to those affected.
Do you still think that your company isn’t at risk for a data breach? If so, go ahead and get familiar with the image below — this is the first page of the template for the notification that Golden State had to send out!
