WeVote

Bill

Bill

SB 446

Data breaches: customer notification.

2025-2026 Regular Session Introduced by Melissa Hurtado

SB 446 strengthens California's data breach notification law by establishing clearer requirements for how quickly companies must inform customers of compromised personal information.

Chaptered by Secretary of State. Chapter 319, Statutes of 2025.
0
WeVote Research Nonpartisan
Bill Summary · SB 446

Legislative bill overview

SB 446 modifies California's data breach notification requirements, specifically governing how and when companies must notify customers when their personal information is compromised. The bill became law in October 2025 after passing both chambers unanimously and receiving gubernatorial approval.

Why is this important

Data breach notifications directly affect millions of California consumers who need timely, accurate information to protect themselves from identity theft and fraud. The law establishes enforceable standards for businesses handling personal data, which has significant implications for corporate compliance costs and consumer protection practices across industries operating in California.

Potential points of contention

  • Notification timeline requirements: The bill may impose stricter timeframes for breach disclosure, creating compliance challenges for companies with large customer bases or complex breach investigations
  • Definition of "personal information": Disputes may arise over what data categories trigger notification obligations, potentially affecting which breaches require costly notification campaigns
  • Exemption scope: Disagreement over which entities are exempt (encrypted data, secure systems, etc.) could create competitive disadvantages and litigation over compliance interpretation

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.