On Oct. 11, California enacted A.B. 1130, which amends the state’s Data Breach Notification Law.[1]
A.B. 1130 expands the definition of “personal information” under the existing Data Breach Notification Law by requiring businesses to notify residents when their “tax identification number, passport number, military identification number, or other unique identification number issued on a government document commonly used to verify the identity of a specific individual” or biometric information are compromised in a data breach.[2]
The new law takes effect on Jan. 1.
The legislation is part of an ongoing trend in California and other states to expand the definition of “personal information.” The expanding scope of the definition broadens the circumstances that may require data breach notification to affected individuals.