Data Security Breach Reporting

California law requires a business or state agency to notify any California resident whose unencrypted personal information, as defined, was acquired, or reasonably believed to have been acquired, by an unauthorized person. (California Civil Code s. 1798.29(a) [agency] and California Civ. Code s. 1798.82(a) [person or business].)

Any person or business that is required to issue a security breach notification to more than 500 California residents as a result of a single breach of the security system shall electronically submit a single sample copy of that security breach notification, excluding any personally identifiable information, to the Attorney General. (California Civil Code s. 1798.29(e) [agency] and California Civ. Code s. 1798.82(f) [person or business].)

If you are a Business or State Agency

Please use our on-line form to Submit Data Security Breach notification samples.

If you are a Resident

You may Search Data Security Breaches that have been submitted to and published by our office; or you may contact us using our online complaint form.

Business Resources from the California Attorney General