California Attorney General Xavier Becerra and Assembly member Marc Levine want to require companies to notify customers if their passport numbers and biometric information, such as fingerprints and iris scans, have been compromised. 

This proposed bill was prompted by the massive Starwood Hotels data breach in 2018, affecting as many as 500 million guests.“

As Becerra noted, California was the first state to pass a data breach notification law back in 2003, requiring businesses to disclose if consumers' personal information had been stolen. 

However, only social security numbers, driver's license numbers, credit card numbers and medical and health insurance data are considered ‘personal information’ under its rules.”