Why must an agency notify an individual when there has been an incident involving their personal information?

The California Breach Notification law (Civil Code Section 1798.29) requires a notification be made to individuals when the breach involves unencrypted “Notice Triggering” personal information as defined in the section. Technically, the law is applicable to a breach involving computerized data. However, the state has taken the position that a notification should be made when a breach of this same “Notice Triggering” data involves paper or other types of media, as the breach would expose individuals to the same financial/identity theft risk and concerns. Safeguarding all personal, confidential, or sensitive information, no matter the format, is essential to maintaining trust in state government. The objective is to make timely notification to individuals so that they may take appropriate steps to protect themselves.