These amendments lower the threshold at which an organization has to notify an individual about a breach. Instead of there being a judgment that there's a high risk of harm, an individual has to be notified if their information has ended up in the wrong hands.
For example, the California breach notification law requires disclosure of any breach of unencrypted personal information that is reasonably believed to have been acquired by any unauthorized person.