Data breaches: customer notification.
- Requires businesses to notify California residents of data breaches within 30 days of discovery.
- Mandates notification to the Attorney General within 15 days when breaches affect over 500 residents.
- Requires breach notifications to include detailed information about the incident and protection measures.
- Allows delayed notification only for law enforcement needs or to determine breach scope.
Senator Hurtado's data breach notification measure establishes specific timelines for California businesses to inform consumers and regulators about security incidents. Under the proposal, organizations must notify affected California residents within 30 calendar days of discovering a data breach, while retaining flexibility to delay disclosure for law enforcement needs or to determine the breach's scope.
The legislation also requires businesses to submit sample breach notifications to the Attorney General within 15 calendar days of informing consumers when incidents affect more than 500 California residents. These notifications must follow a standardized format with plain language headers covering what happened, what information was involved, response measures, and guidance for affected individuals.
The measure maintains existing requirements for notification content, including breach timing details, types of compromised data, and whether law enforcement investigations caused any delays. Organizations must continue providing identity theft prevention services at no cost for 12 months when social security numbers or driver's license information is exposed. Alternative notification methods remain available when standard notice would exceed $250,000 or affect more than 500,000 people.
 Ash KalraD Assemblymember | Committee Member |  Not Contacted | |
 Rebecca Bauer-KahanD Assemblymember | Committee Member | Not Contacted | |
 Melissa HurtadoD Senator | Bill Author | Not Contacted | |
 Isaac BryanD Assemblymember | Committee Member | Not Contacted | |
 Damon ConnollyD Assemblymember | Committee Member | Not Contacted |
Email the authors or create an email template to send to all relevant legislators.
Introduced By
Latest Voting History
| Ayes | Noes | NVR | Total | Result |
|---|---|---|---|---|
| 15 | 0 | 0 | 15 | PASS |
- Requires businesses to notify California residents of data breaches within 30 days of discovery.
- Mandates notification to the Attorney General within 15 days when breaches affect over 500 residents.
- Requires breach notifications to include detailed information about the incident and protection measures.
- Allows delayed notification only for law enforcement needs or to determine breach scope.
Email the authors or create an email template to send to all relevant legislators.
Introduced By
Senator Hurtado's data breach notification measure establishes specific timelines for California businesses to inform consumers and regulators about security incidents. Under the proposal, organizations must notify affected California residents within 30 calendar days of discovering a data breach, while retaining flexibility to delay disclosure for law enforcement needs or to determine the breach's scope.
The legislation also requires businesses to submit sample breach notifications to the Attorney General within 15 calendar days of informing consumers when incidents affect more than 500 California residents. These notifications must follow a standardized format with plain language headers covering what happened, what information was involved, response measures, and guidance for affected individuals.
The measure maintains existing requirements for notification content, including breach timing details, types of compromised data, and whether law enforcement investigations caused any delays. Organizations must continue providing identity theft prevention services at no cost for 12 months when social security numbers or driver's license information is exposed. Alternative notification methods remain available when standard notice would exceed $250,000 or affect more than 500,000 people.
Latest Voting History
| Ayes | Noes | NVR | Total | Result |
|---|---|---|---|---|
| 15 | 0 | 0 | 15 | PASS |
Ash KalraD Assemblymember | Committee Member | Not Contacted | |
Rebecca Bauer-KahanD Assemblymember | Committee Member | Not Contacted | |
Melissa HurtadoD Senator | Bill Author | Not Contacted | |
Isaac BryanD Assemblymember | Committee Member | Not Contacted | |
Damon ConnollyD Assemblymember | Committee Member | Not Contacted |