Does your business retain personal information on your customers in California?  In general, if you have a security breach in your system, you may have to notify all of those customers of the breach.

It seems routine that you receive a letter from your financial institution advising them that personal data in a third party’s possession has been compromised and that they need to take steps to protect themselves from identity theft.  The California law is drafted just for that reason–to notify citizens of a potential threat to their identity.

Under Civil Code 1798.82 and other statutes, only certain data that is personal and not public is protected.  Once you are aware of the breach, you must give notification to effected individuals pursuant to Civil Code 1798.82(g).  This notification may be costly and must  be completed expeditiously.

Here is a quick guide found on Google: http://law.du.edu/images/privacy-foundation/What_Are_Data_Breach_Security_Lawsfinal.pdf.