California is proposing an update to their data breach notification law. When California State Bill 1386 went into effect in 2003, it was country’s first data breach notification legislation. California’s data breach notification rules continue to be among the strongest in the U.S. New changes proposed will include notification if passport numbers were exposed as well as government-issued identification numbers and biometric data. The bill would update California state’s definition of personal information as constituting “an individual’s first name or first initial and last name” in combination with any of the following, when either the name or these data elements have not been encrypted.