It is my understanding that a new California law requires us (financial institution...even if we do not have offices in California) to notify California customers if any personal information has been breached. For example, we may have a credit card issued to a California resident even though California is not our market area. I'm interested in any ideas on how other banks plan to comply.