Central Intelligence
Central IntelligenceSIGNAL FROM NOISE
Last Update: 06/03/2026 at 5:25 AM EST

California breach notification and PII rules

Coverage from Bibiyan Law Group, DeXpose, and others

Articles

4

Latest Article

05/06

Active Days

31

Executive Summary

California privacy rules are tightening around breach notification timing, with SB 446 establishing a 30-day deadline and clearer notice requirements. The surrounding material also reinforces how broadly California defines protected personal and sensitive data, and how breach failures can trigger CCPA damages, attorney general reporting, and class-action exposure.

California breach notification and PII rules topic image

Key Points

  • SB 446 replaces California’s open-ended breach notice standard with a fixed 30-day deadline from discovery.
  • Notices now carry more detailed content requirements, including what happened, what data was involved, and what response steps are being taken.
  • Large breaches still trigger California Attorney General reporting, public disclosure, and documentation requirements for limited delay exceptions.
  • California’s privacy framework treats a wide range of identifiers, credentials, health information, and biometric data as protected or sensitive data.
  • CCPA-related breach exposure remains a major enforcement channel, including statutory damages, cure periods, and class-action risk.
  • The current material is mostly operational and legal guidance rather than a single disputed case, so the signal is coherent and policy-driven.

Featured Article

Bibiyan Law Group04-22-2026
30-Day Data Breach Notification Law
California SB 446, effective January 1, 2026, imposes a 30-day deadline for data breach notification to affected individuals and adds Attorney General notice timelines.

Coverage Timeline: 31 Days

Apr 6Apr 12Apr 18Apr 24Apr 30May 6

Additional Articles

⭐⭐⭐⭐⭐

Bibiyan Law Group / David Bibiyan05-06-2026
Personally Identifiable Information Definition
California employers must notify affected people within 30 days of discovering covered workplace breaches under SB 446 starting Jan. 1, 2026.
DeXpose04-28-2026
California Data Breach Notification Law
California’s breach notification law now requires 30-day notices from discovery under SB 446, covering unencrypted personal information and AG reporting for large incidents.

⭐⭐⭐

Justia04-06-2026
What Actions Can I Take for a Data Breach in California?
California CCPA remedies allow consumers to pursue damages for security failures after written notice and a 30-day cure period.