Knowledge

9/29/2018

US Data Breach Notification Laws- State by State

All 50 states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring private or governmental entities to notify individuals of security breaches of information involving personally identifiable information.

Security breach laws typically have provisions regarding who must comply with the law (e.g., businesses, data/ information brokers, government entities, etc); definitions of “personal information” (e.g., name combined with SSN, drivers license or state ID, account numbers, etc.); what constitutes a breach (e.g., unauthorized acquisition of data); requirements for notice (e.g., timing or method of notice, who must be notified); and exemptions (e.g., for encrypted information).

PLEASE NOTE: NCSL serves state legislators and their staff. This site provides general comparative information only and should not be relied upon or construed as legal advice. 

State Citation
Alabama 2018 S.B. 318, Act No. 396
Alaska Alaska Stat. § 45.48.010 et seq.
Arizona Ariz. Rev. Stat. § 18-545
Arkansas Ark. Code §§ 4-110-101 et seq.
California  Cal. Civ. Code §§ 1798.291798.82
Colorado Colo. Rev. Stat. § 6-1-716
Connecticut Conn. Gen Stat. §§ 36a-701b4e-70
Delaware Del. Code tit. 6, § 12B-101 et seq.
Florida Fla. Stat. §§ 501.171, 282.0041, 282.318(2)(i) 
Georgia Ga. Code §§ 10-1-910, -911, -912; § 46-5-214
Hawaii Haw. Rev. Stat. § 487N-1 et seq.
Idaho Idaho Stat. §§ 28-51-104 to -107
Illinois 815 ILCS §§ 530/1 to 530/25
Indiana Ind. Code §§ 4-1-11 et seq., 24-4.9 et seq.
Iowa Iowa Code §§ 715C.1, 715C.2
Kansas Kan. Stat. § 50-7a01 et seq. 
Kentucky KRS § 365.732, KRS §§ 61.931 to 61.934 
Louisiana La. Rev. Stat. §§ 51:3071 et seq.
Maine Me. Rev. Stat. tit. 10 § 1346 et seq.
Maryland Md. Code Com. Law §§ 14-3501 et seq., Md. State Govt. Code §§ 10-1301 to -1308
Massachusetts Mass. Gen. Laws § 93H-1 et seq.
Michigan Mich. Comp. Laws §§ 445.63, 445.72
Minnesota Minn. Stat. §§ 325E.61, 325E.64
Mississippi Miss. Code § 75-24-29
Missouri Mo. Rev. Stat. § 407.1500
Montana Mont. Code §§ 2-6-1501 to -1503, 30-14-1701 et seq.33-19-321
Nebraska Neb. Rev. Stat. §§ 87-801 et seq.
Nevada Nev. Rev. Stat. §§  603A.010 et seq., 242.183
New Hampshire N.H. Rev. Stat. §§ 359-C:19, 359-C:20359-C:21
New Jersey N.J. Stat. § 56:8-161163
New Mexico 2017 H.B. 15, Chap. 36 
New York N.Y. Gen. Bus. Law § 899-AA, N.Y. State Tech. Law 208
North Carolina N.C. Gen. Stat §§ 75-61, 75-65
North Dakota N.D. Cent. Code §§ 51-30-01 et seq.
Ohio Ohio Rev. Code §§ 1347.121349.19, 1349.191, 1349.192
Oklahoma Okla. Stat. §§ 74-3113.1, 24-161 to -166
Oregon Oregon Rev. Stat. §§ 646A.600 to .628
Pennsylvania 73 Pa. Stat. §§ 2301 et seq.
Rhode Island R.I. Gen. Laws §§ 11-49.3-1 et seq.
South Carolina S.C. Code § 39-1-90
South Dakota S.D. Cod. Laws §§ 20-40-20 to -46 (2018 S.B. 62)
Tenessee  Tenn. Code §§  47-18-2107; 8-4-119
Texas Tex. Bus. & Com. Code §§ 521.002, 521.053
Utah Utah Code §§ 13-44-101 et seq.
Vermont Vt. Stat. tit. 9 §§ 2430, 2435
Virginia Va. Code §§ 18.2-186.632.1-127.1:05
Washington Wash. Rev. Code §§ 19.255.010, 42.56.590
West Virginia W.V. Code §§ 46A-2A-101 et seq.
Wisconsin Wis. Stat. § 134.98
Wyoming Wyo. Stat. §§ 40-12-501 et seq.
District of Columbia D.C. Code §§ 28- 3851 et seq.
Guam 9 GCA §§ 48-10 et seq.
Puerto Rico 10 Laws of Puerto Rico §§ 4051 et seq.
Virgin Islands  V.I. Code tit. 14, §§ 2208, 2209

 

In an increasingly digitized world, we value privacy and are committed to protecting your personal information. Data and its protection are at the core of everything Digital Edge does. As such, our business is built on Stability, Security, Efficiency, and Compliance, enabling us to protect our customers’ most valuable assets. We are committed to complying with the new and old legislation and will collaborate with partners throughout this process.

Contact us today to further explore how our team can provide your business with an unparalleled cybersecurity solution.

 

For more resources: 

http://www.ncsl.org/research/telecommunications-and-information-technology/state-laws-related-to-internet-privacy.aspx

https://www.dwt.com/gcp/state-data-breach-statutes

https://info.digitalguardian.com/rs/768-OQW-145/images/the-definitive-guide-to-us-state-data-breach-laws.pdf

Danielle Johnsen
VP of Compliance

Danielle V. Johnsen joined the Digital Edge team in 2015 as the VP of Compliance.  With a passion for information security and organizational compliance, Danielle’s vision is to enable collaboration between 'The Business' and Information Technology, thus creating common objectives and outcomes that benefit the organization, while staying in compliance with all regulatory bodies and companywide policies. Specializing in security frameworks and policies such as: ISO 9001, ISO 27001, NYS DFS 500, NIST, HIPPA, GDPR, PCI, OSPAR, and more! 
 

 

Was this article helpful?