CA AB1711

Requires agencies to post security breach notices on their internet website for at least 30 days when a third-party contractor operating a system on behalf of the agency must issue a breach notification under California law.

Specifies that website postings must be conspicuous with a link on the home page or first significant page in larger or contrasting type, font, or color to draw attention to the notice.

Mandates breach notifications use a standardized format with specific headings ("What Happened," "What Information Was Involved," "What We Are Doing," "What You Can Do," "For More Information") in plain language with at least 10-point type.

Requires agencies notifying more than 500 California residents of a breach to electronically submit a sample copy of the breach notification to the Attorney General.

Expands the definition of "agency" to include local agencies and requires the State Bar of California to comply with data breach notification requirements.