Under the bill, notification would be required for breaches involving passports, passport numbers and green card numbers, plus fingerprints and other biometric data. The state’s current consumer protections exempt companies from disclosure requirements if just passport numbers were exposed.