A Summary of State Data Breach Laws «

A Summary of State Data Breach Laws

Mar 2 2011
California was the first State to pass a data security breach law. Since then, 43 additional states, along with the District of Columbia, Puerto Rico and the Virgin Islands have passed laws that require public disclosure of data security breaches.

Most states require businesses that own, lease or store personally identifiable information to notify every individual whose personal data is stolen or misused. In some cases, businesses must also contact the major credit reporting agencies, State Attorney General, and the news media.

Data breaches do not always have to be disclosed. Exceptions include the loss of encrypted data, and the judgment of law enforcement authorities that the breach is not likely to result in harm to the individuals. In addition, disclosure is not required if it would interfere with an on-going investigation.

Because of the growing threat of identity theft, Congress is considering several laws that would regulate data security breaches from the federal level. As of this writing, however, data security is still regulated on a state by state basis.

If you store personally identifiable information, you need to be aware of your State’s data security breach disclosure laws. To help with your research, the following pages contains links to current laws.


  • New ETFs From Scottrade - No Brokerage Fees

    There's no doubt that there are more exchange traded products now than ever.

    classy, black-and-white Corsair Graphite 600T case that says sci-fi, not hot rod. I want to get like eight of these things, ...
    Read More
  • 14 ETF Trading Strategies

    You may have heard of ETFs and some of you even have them in your portfolios, but not many investors are aware of the diverse ETF trading strategies these assets have to offer.

    Read More