| Update Applicable to: | Effective Date |
| All Businesses and Organizations Operating in California That Own or License Personal Information | January 1, 2026 |
What happened?
On October 3, 2025, Governor Gavin Newsom signed Senate Bill (SB) 446 into law, strengthening California’s data privacy protections by clarifying how businesses must notify customers after a data breach.
Overview:
SB 446 updates California’s Civil Code Section 1798.82, which governs data breach notification requirements. The bill ensures that individuals are promptly and transparently informed when their personal data is compromised.
The law clarifies that businesses must notify affected individuals in a clear and easy to understand way, and that the notification must include:
- The type of personal information breached
- The date or estimated date of the breach
- A general description of what happened
The following items are recommended as best practices by agencies like the California Attorney General, but they are not required by SB 446:
- Contact information for the business
- Steps individuals can take to protect themselves
Source References
Resources
- California Office of the Attorney General – Data Breach Reports
- California Privacy Protection Agency (CPPA) – for future rulemaking and enforcement updates
Need help understanding how changes to employment laws will affect your business?
Learn more about how Vensure's California PEO services can help you navigate complex employment laws and keep your business compliant.
This communication is intended solely for the purpose of conveying information. The present post might incorporate hyperlinks directing readers to websites managed by third-party entities. The inclusion of any links within this communication is meant to serve as points of reference and could encompass opinion articles from various law firms, articles from HR associations, official websites, news releases, and documents of government agencies, and other relevant third-party sources. Vensure has no authority over these external websites and bears no responsibility for their content. Furthermore, Vensure does not endorse the materials present on these websites. The contents of this communication should not be interpreted as legal advice or as a legal standpoint concerning specific facts or scenarios. Nor should it be deemed an exhaustive compilation of facts potentially pertinent to federal, state, or local laws. It is strongly advised that employers solicit legal guidance from an employment attorney when undertaking actions in response to any legal updates provided. This is due to the possibility of future alterations occurring in federal, state, and local laws, regulations, as well as the directives and guidelines issued by governing agencies. These changes may transpire at any given time, potentially rendering certain portions of the content within this update void or inaccurate.
