In January of 2005, the state also passed the California Security of Information Law, which specifies businesses must ensure that personal information (defined by statute as name, driver license, Social Security Number, and any financial account numbers including credit cards) is properly protected. Although certain sections of this law has been preempted by federal information security regulations (under HIPAA, Gramm-Leach-Bliley Act, Fair and Accurate Credit Transactions Act, etc…), much of it is still in effect. In addition, Cal. Civ. Code § 1798.81.5, mandates that companies mandate appropriate security measures to protect personal information from unauthorized disclosure. California also has more stringent requirements about the disclosure of information to direct marketers and, pursuant to Cal. Civ. Code § 1798.81.5, requires specific provisions in contracts between companies and thirds parties where private personal information will be communicated to a third party.
Furthermore, under Cal. Civ. Code § 1798.82, companies are liable for security breaches that occur as a result of third party service providers. Business must promptly notify California residents when their personal information was potentially compromised, whether or not they have any actual liability for the breach. Required disclosures for when breaches occur included specific information about the type of breach that occurred and the timing of the breach. The state has assembly has since softened the notice requirement by allowing an entity to provide substitute notice by posting information about the breach on the company’s website. This measure has significantly reduced the cost of notice for startups and small businesses, but the cost of assessing the breach and what specific information was compromised still remains. California was also the first state to establish a centralized method of reporting, recording and cataloging security breaches.
 Richard Raysman and Peter Brown, Computer Law: Drafting and Negotiating Forms, CLDNF § 15.02 (2009).
 Jeffrey D. Neuburger, Technology, The Internet and Electronic Commerce: Staying Interactive in the High-Tech Environment, A Summary of Recent Developments in the Law. 927 PLI/Pat 699, (February-April 2008)
 Cal. Civ. Code §1798.83 et seq.