Companies doing business in California have until January 1, 2012 to begin complying with an enhanced data breach law that was signed by the Governor of California on August 31, 2011. Of course California already has a data breach notification law—this new law just expands it. The new law creates requirements for content in breach notification letters such as including a description of the incident, detailing the types of personal information exposed and offering contact info for credit reporting agencies in California. In addition, companies are now also required to send the notification letter to the state attorney general’s office if the breach impacts 500 or more individuals in California. Check out the Security section of our blog for more security-related news.