Late last month, California Governor Jerry Brown signed into law new requirements for companies affected by data breaches. Under A.B. 1710, upon discovery or notification of a security breach resulting in unauthorized access to a California resident’s unencrypted personal data, businesses that are the “source of the breach” must offer free identity theft prevention and mitigation services for a minimum of one year to any customer whose name and either his social security number, driver’s license number, or California ID number is accessed without authorization. Additionally, A.B. 1710 expands the scope of the requirement that businesses “implement and maintain reasonable security procedures and practices” if they handle California residents’ personal information. The requirements go into effect January 1, 2015.