If passed, the deadline for breach notification to State residents would increase from 30 to 60 days, notification of breached login credentials will require data controllers to advise affected residents to change their passwords and notification will not be permitted to be provided through affected online accounts; breach notification will also need to be given to the Attorney General (“AG”), who has the discretion to provide documents and information in relation to investigations of data breaches.