Reporting data breaches in California, the granddaddy of state data breach notification laws, now requires an additional step for insurance companies that do business in the state.  In May, Dave Jones, the California Insurance Commissioner, sent a notification to such companies requesting that they inform his office of any data breach notifications sent to the California Attorney General pursuant to the state’s data breach notification law.  According to the letter sent to the covered entities, Jones has the authority to request such notifications under California’s Insurance Information and Privacy Protection Act, which “establishes standards for the collection, use, and disclosure of information gathered by insurers” and empowers the Insurance Commissioner to ensure compliance with those standards.