California aims to strengthen data breach notification law


California lawmakers and officials on Thursday announced an update to a law that would make more robust requirements for companies to alert people to major data breaches.

California Attorney General Xavier Becerra and state assembly member Marc Levine (D) introduced the bill on Thursday evening.

The bill would update an existing California law that only requires companies to notify state victims if social security numbers, drivers licenses, and credit cards are involved in a data breach. Passport cards, green cards, and biometric information would be added to the law.

“We’ve learned a few things over the years,” Becerra said in a press conference Thursday. “We’ve seen what’s happened with some of these breaches, and we have more information now to help guide us.”

Becerra added: “We have an opportunity today to make that data breach law stronger, and that’s why we’re moving today to make it more difficult for those hackers, and those cybercriminals to not win in this game of getting your private information.”

The new bill comes on the heels of a data breach from Starwood Hotels that exposed names, addresses, and passport information for hundreds of millions of people.

Becarra said he hopes the bill will pass through the state’s legislature and be signed by the governor.

You can watch all of the remarks here.


Andrew Wyrich

Andrew Wyrich

Andrew Wyrich is a politics staff writer for the Daily Dot, covering the intersection of politics and the internet. Andrew has written for USA Today,, and other newspapers and websites. His work has been recognized by the Society of the Silurians, Investigative Reporters & Editors (IRE), and the Society of Professional Journalists (SPJ).