California Data Breach Notification Deadline Calculator

Calculate key notification deadlines under California Civil Code §§ 1798.29 and 1798.82. California requires notification to affected residents in the "most expedient time possible and without unreasonable delay," with a hard cap of 45 days for certain breaches involving government agencies. This tool calculates the 45-day statutory deadline, the 30-day AG notification threshold trigger, and recommended best-practice milestones.

The date your organization became aware of the breach.
Government agencies have a strict 45-day hard deadline; private entities must notify "without unreasonable delay."
If more than 500 residents are affected, you must also notify the California Attorney General.
Notification may be delayed if a law enforcement agency determines it would impede a criminal investigation.
Enter the number of days law enforcement has requested the delay. Leave 0 if not applicable.

Formula & Calculation Logic

Effective Start Date = Discovery Date + Law Enforcement Delay Days (if applicable)

Internal Milestone = Discovery Date + 15 days (recommended scope confirmation)

Private Entity Notification Deadline = Effective Start Date + 30 days (best practice for "without unreasonable delay" under Cal. Civ. Code § 1798.82)

Government Agency Hard Deadline = Effective Start Date + 45 days (Cal. Civ. Code § 1798.29(a))

AG Notification Deadline = Same as resident notification deadline, triggered when affected residents > 500 (Cal. Civ. Code § 1798.82(f))

Days Remaining = Deadline Date − Today's Date

Assumptions & References

  • Cal. Civ. Code § 1798.82: Requires private businesses to notify California residents of a breach of unencrypted personal information "in the most expedient time possible and without unreasonable delay." The 30-day figure is a widely accepted industry benchmark for "without unreasonable delay."
  • Cal. Civ. Code § 1798.29: Applies to state agencies and imposes a strict 45-calendar-day hard deadline from discovery.
  • Cal. Civ. Code § 1798.82(f): If a breach affects more than 500 California residents, the business must submit a sample copy of the notification to the California Attorney General simultaneously with notifying affected individuals.
  • Law Enforcement Delay: Under § 1798.82(c), notification may be delayed if a law enforcement agency determines that notification would impede a criminal investigation. The delay lasts only as long as necessary.
  • Covered Personal Information: Includes Social Security numbers, driver's license numbers, financial account numbers, medical information, health insurance information, login credentials, and biometric data.
  • Substitute Notice: Allowed when the cost of direct notification exceeds $250,000, more than 500,000 residents are affected, or the business lacks sufficient contact information.
  • This calculator does not constitute legal advice. Consult qualified legal counsel for breach response decisions.
  • All deadlines are in calendar days, not business days.

More Calculators

In the network

Network