Although forty-six states, as well as the District of Columbia, Puerto Rico and the U.S. Virgin Islands, have enacted security breach notification laws, states continue to consider modifications to their existing laws. For example, on August 18, the California legislature once again approved a bill (S. 1166) that would amend the state’s security breach notification law. If signed by the Governor, the amendment would, among other things, provide requirements for the content of notices that businesses must send to consumers when there is a security breach. Moreover, the amendment would require that businesses notify the California Attorney General of breaches involving more than 500 state residents. S.B. 1166 is substantially similar to two previous bills that have been approved by the California legislature and then ultimately vetoed by the Governor.