California recently updated its landmark data breach law by adding additional requirements, as well as additional exemptions.  The law now requires more specific disclosures regarding the nature of the incident, as well as the type of data involved, which at some level conflicts with the requirements of Massachusetts law.  It also has additional exemptions regarding entities covered by HIPAA.  This law was vetoed twice in the past, but Governor Brown recently signed it into law.

More information can be found here, and here.