Article
Source: Law360
Article
11.12.25
In an article co-authored by Litigation partner Mark Krotoski and senior law clerk Alexandria Marx, the authors discuss California’s new Senate Bill 446, which takes effect on January 1, 2026 and establishes strict data breach notification deadlines. The law requires businesses and government agencies to notify affected residents within 30 days of discovering a breach and submit a sample notice to the California Attorney General within 15 days if more than 500 California residents are affected. These fixed timelines replace the prior “expedient time possible” standard, with limited exceptions for law enforcement needs or to determine the scope and integrity of the breach.
The authors note that regulators are increasingly emphasizing timely and accurate breach notifications, with enforcement actions resulting in significant fines for noncompliance. According to Krotoski and Marx, companies should update their incident response plans, establish processes for verifying notification accuracy and ensure coordination across multiple state and federal notification requirements to prepare.
To read the full article, click here.