On October 6, California Governor Jerry Brown signed legislation updating California’s data breach notice statute for the third time in three years. The news was quickly overshadowed by the CJEU’s decision invalidating the US-EU Safe Harbor Framework on the same day, but the California law amendments should not be overlooked. The amendments, which update Cal. Civ. Code § 1789.29 (for state agencies) and § 1789.82 (for businesses), were part of a legislative “package deal” of three separate bills mandating a new breach notice format (S.B. 570), defining “encryption” (A.B. 964), and expanding the definition of “personal information” and clarifying substitute notice requirements (S.B. 34). The amendments will take effect on January 1, 2016.