State Farm Insurance reported (pdf) that when they discovered that an employee of a Tennessee agent had improperly disposed of trash containing customer information, they decided to notify all customers of the Tennessee agent. They report that as a consequence of the incident, the agent changed their procedures to use a secured waste container in addition to the contract they already had with a secured waste disposal company for disposal of more sensitive information.
Why do I mention/report this breach, which probably seems pretty minor in the big scheme of things? Because most states do not require notification of breaches involving paper records, and I give State Farm Insurance credit for choosing to do the right thing.