On October 3, the governor of California signed into law SB 446, which amends current state code to add new data breach notification requirements. Generally, the law requires individuals or companies conducting business in California to disclose data breaches within 30 calendar days, though disclosure may be delayed to assist law enforcement needs or to determine the breach’s scope and restore data system integrity. Additionally, if a security breach notification must be issued to more than 500 California residents, a sample copy of the notification must be electronically submitted to the attorney general within 15 calendar days of notifying affected consumers.
[View source.]