California, a state that has been a leader in strong data security laws, has amended those laws to make their breach notification requirements more specific. Aravind Swaminathan and Rishad Patel, Orrick partner and associate, respectively, spoke with the Cybersecurity Law Report about what companies need to know about the changes made by the amendments and how companies can approach the different notice requirements of 47 states. The California changes take effect January 1, 2016 and include SB 570, which requires specific breach notice formatting; SB 34, which expands the definition of personal information and clarifies the substitute notice process; and AB 964, which clarifies the meaning of encryption. See also “After a Cyber Breach, What Laws Are in Play and Who Is Enforcing Them?” (May 20, 2015).