California data breach notifications

Any business owning or licensing computerized data including personal information that experiences a breach involving California residents must notify affected residents and, when more than 500 residents are affected, the California Attorney General.

Statute

Cal. Civ. Code § 1798.82

Authoritative source

https://oag.ca.gov/privacy/databreach/list

How DisclosureFeed indexes California filings

DisclosureFeed polls the California AG portal on a regular schedule, fetches each new notice, extracts a structured BreachDisclosure v1 record, resolves the affected entity to its LEI/CIK when possible, and publishes via REST + webhooks + STIX/TAXII.

Methodology & AI-assisted output disclosure

Extraction is performed by Claude Sonnet 4.6 with Instructor + Pydantic validation; outputs carry per-field source-span citations and per-field confidence scores. Per EU AI Act Article 50 (in force August 2, 2026), every record is labeled ai_assisted: true. See the full Sources & Methodology page.

Corrections

Email corrections@disclosurefeed.com — 48-hour SLA from receipt.