Senator Joe Simitian (the author of the original California data breach notification law) introduced California S.B. 20 in December, which was amended on March 4, 2009. The bill would expand the current data breach notification requirements in California by requiring (a) specific information about the breach to be included in the notice and (b) the breach to be reported to the Attorney General. Amongst other things, the bill mandates breach notifications to include the name of the entity making the notification, the type of personal information that was breached, the date range of exposure, a description of the breach, the number of people affected, and information on credit reporting agencies. The bill also allows additional discretionary information to be included, such as steps taken by the entity to protect the individuals whose information was exposed and advice on steps those individuals can take to protect themselves.