California data breach notifications

Any business owning or licensing computerized data including personal information that experiences a breach involving California residents must notify affected residents and, when more than 500 residents are affected, the California Attorney General.

How DisclosureLens indexes California filings

DisclosureLens polls the California AG portal on a regular schedule, fetches each new notice, extracts a structured BreachDisclosure v1 record, resolves the affected entity to its LEI/CIK when possible, and publishes via REST + webhooks + STIX/TAXII.

Extraction provenance

Extracted records carry per-field source citations into the California AG notice they came from, plus a per-record confidence score and a full extraction audit trail. California filings inherit the same BreachDisclosure v1 schema as SEC 8-Ks, HHS OCR notices, and EU DPA registers — same fields, same provenance metadata, deduped against same-incident filings in other jurisdictions. Full pipeline details: Sources & Methodology.

Statute

Cal. Civ. Code § 1798.82

Authoritative source

https://oag.ca.gov/privacy/databreach/list

Corrections

Email corrections@disclosurelens.com — 48-hour SLA from receipt.