The California state government learned the hard way the repercussions of not acting swiftly to respond to, secure and disclose that employee personal data was comprised by a wide scale database hacking operation in April 2002. Fast forward, and their legislature is now the first in the country to pass a law to prevent the fall-out of such future attacks. Their action comes in the form of passage of SB 1386, effective July 1, 2003. It requires that “a state agency, or a person or business that conducts business in California, that owns or licenses computerized data that includes personal information, as defined, to disclose in specified ways, any breach of the security of the data, as defined, to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.”