On September 30, 2025, the California Department of Insurance (CDI) issued a notice to all admitted and non-admitted insurers, insurance producers, support organizations, statistical agents, and other interested parties to remind them of their obligation to promptly notify the CDI of any improper disclosure of personal information and/or security breaches.

The notice states that insurance companies that experience any specified breach of security must notify the affected people. Any insurer that is required to send a security breach notification to more than 500 California residents should also submit a copy of the notification to the Attorney General of the State of California and the CDI. Additionally, insurers must provide the CDI with information about any affiliate, vendor, or service provider data breach event that affects insurance consumer information of the insurer. Copies of the notices and any other pertinent related information should be sent to DataBreach@insurance.ca.gov.

Please see the notice for more information. For any questions regarding the notice, please contact CDIPrivacyOffice@insurance.ca.gov.