The California State Senate has passed a law, SB-20, that would require breached organizations to provide victims with additional information. The legislation would mandate that companies tell customers what type of personal information was breached and when the breach occurred. Currently, the state's pioneering SB-1386 law requires the breached entity to only say that a compromise occurred. The new bill, introduced by state Democrat Sen. Joe Simitian, who also sponsored SB-1386, is now up for approval in the state Assembly. — DK