California’s Assembly Bill 1859 (AB 1859) aims to impose substantial new security obligations on consumer credit reporting agencies and companies that contract with such agencies. Under the new law, agencies and their contractors would be “required to expediently apply software updates to their systems, proactively identify and address vulnerabilities and regularly test their systems.” Those who fail to do so could be liable for civil penalties, damages and attorney’s fees.