CA AB2182

Requires businesses in California that experience a data breach to provide "rolling" disclosures to affected residents when full disclosure is delayed due to determining the breach scope or restoring data system integrity

Mandates that during delayed disclosure periods, businesses must share as much information as possible, to as many affected residents as possible, as soon as possible

Maintains existing requirements that breach notifications be made in the most expedient time possible without unreasonable delay, consistent with law enforcement needs

Applies to breaches involving personal information including Social Security numbers, driver's license numbers, financial account information, medical information, health insurance information, and login credentials

Businesses notifying more than 500 California residents of a breach must submit a sample notification to the Attorney General