As of July 1, 2003, a new law will require California businesses to disclose security breaches of computerized personal data. You will have to inform a California resident when you have a reasonable belief there’s been unauthorized access to their unencrypted personal information i.e., the person’s first name or initial and last name, in combination with either: 1) Social Security number; 2) driver’s license or California I.D. number; or 3) account number, credit or debit card number, along with a required security code, access code. or password. The law affects all businesses and isn’t just directed at the workplace. Be sure to have compliance measures in place, including procedures for employees to inform appropriate company officials of security breaches and procedures to notify victims, either in writing or electronically.