California’s AG is proposing expanding the state’s Data Breach notification law to require businesses to notify consumers when their passport or biometric data such as fingerprint or retina information is exposed. This extends the list of protected data beyond SSN, driver’s license, medical and other personal records.