A new California law expands the state's existing data-breach notification law to include unencrypted medical histories, information on mental or physical conditions, and medical treatments and diagnoses. Under the law, California residents must now be notified when their electronic medical information or health insurance information has been exposed.