California recently passed a trio of bills amending its data breach notification laws to bolster existing requirements for businesses affected by data breach. Among the changes enacted in this legislative package, signed by Governor Jerry Brown on October 6, 2015, is an expanded definition for "personal information" that now includes data captured by automated license plate recognition systems. In addition, California has set a new standard for data encryption, which now requires that encrypted data be "rendered unusable, unreadable or indecipherable to an unauthorized person through a security technology or methodology generally accepted in the field of information security." Finally, the amended law imposes new requirements for the specific language that must be used in security breach notifications and offers a model form that businesses may use as a template. The notices themselves must now be titled "Notice of Data Breach," and information about the data breach must be presented under predetermined headings that include "What Happened," "What Information Was Involved," "What We Are Doing," and "What You Can Do." The full text of the amended laws, which become effective on January 1, 2016, is available here (S.B. 34), here (A.B. 964), and here (S.B. 570).