California Security Breach Notification Act, Cal. Civ. Code §1798.80 et seq. (full-text).
The first data breach notification law was enacted in 2002 — S.B. 1386, the California Security Breach Notification Act. It requires any state agency, person, or business that owns or licenses computerized personal information to disclose any breach of a resident’s personal information.
S.B. 1386 was the model for subsequent data breach notification laws enacted by many states and Congress. California’s law and other similar federal and state laws require the disclosure of security breaches of personal information.
- S. B. 1386 requires a state agency or any person or business that owns or licenses computerized data that includes personal information to disclose any security breach of data to any resident of the state whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. Cal. Civ. Code § 1798.80 et seq.