Skip to the main content.

2 min read

Data Breach and Cybercrime in California: What You Need to Know

If you are a business owner with any kind of IT infrastructure in place, you should make sure you’re protected against cybercrime. Even though cybercrime sounds like something that only happens to governments or major corporations, more often than not, it actually takes place on the back-room servers of small businesses. Literally any computer with an Internet connection is liable to be targeted, and data breaches of this nature are surprisingly common. For this reason, businesses in California are required to report data breaches as soon as they notice them. The Office of the Attorney General calls this “Data Security Breach Reporting,” and it applies to small businesses and large ones alike.

California Breach Notification Law

Two Types of Data Breaches

The Office of the Attorney General categorizes data breaches into two broad types:

  • Those that expose unencrypted personal information on more than 500 California residents at a time, and;
  • Those that expose unencrypted personal information on fewer than 500 California residents at a time.

It’s important to know that these rules apply to each individual data breach. The actions that the company has to take change based on whether the breach affected a large number or a small number of residents.

What You Need to Do in the Event of a Data Breach

Apart from the obvious — renovating your IT security infrastructure and hiring a third-party IT management firm to address the damage — California law requires you to notify each individual affected. If you accidentally exposed the information of fewer than 500 people, your obligation ends there. If the number was more than 500, then you need to submit a sample of that notification directly to the Attorney General.

What Are Data Breaches and How Are They Detected?

Data breaches can take a wide variety of forms, but they are typically defined by attempts to gain unauthorized access to personally identifiable information for criminal use. This can be for identify theft purposes, such as opening lines of credit under false names, or even for corporate espionage. Managed IT providers catch data breaches by monitoring their systems constantly. If your business does not have such monitoring in place, the breach may go completely unnoticed until the authorities step in.

This was the case of Cate Machine & Welding, a small family business whose tiny office server became a focal point for cyberattacks from Chinese hackers who used their computer as a jumping-off point for additional attacks against American law firms, manufacturers, financial service providers and electronics companies. These attacks were traced back to that computer, and a proactive web security firm began monitoring its activity in order to predict further attacks.

This example illustrates that cybercrime is not just in the realm of huge corporations and government agencies — it can happen anywhere, to anyone. This is why even small businesses who never gave second thought to IT infrastructure need to invest in cybersecurity. In fact, these types of small businesses are especially encouraged to invest in secure infrastructures because they make much easier targets than the major firms do.

{company} is the trusted choice when it comes to staying ahead of the latest information technology tips, tricks and news. Contact us at {phone} or send us an email at {email} for more information.


Safeguard your organization against digital threats with our specialized cybersecurity IT consulting services in San Francisco and Los Angeles. We...

Read More


Citrix is a leader in mobile workspaces, providing virtualization, mobility management, networking and cloud services to enable new ways to work...

Read More

Cisco Meraki

Cisco Meraki is the leader in cloud controlled WiFi, routing, and security. Secure and scalable, Cisco Meraki enterprise networks simply work.

Read More