A new California law requires companies to notify customers of security breaches that expose personally identifiable financial information. The law's reach extends to all companies with customers in California; it takes effect on July 1.
SecurityFocus has a full story with good analysis.