California Civil Code §1798 is California’s general breach notification statute, and generally requires any person, business or state agency that conducts business in California, and that owns or licenses computerized data that includes “personal information” (as defined in the statute), to notify California residents (and in some cases the California Attorney General) when unencrypted personal information was acquired, or is reasonably believed to have been acquired, by an unauthorized person. Disclosures must be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.