All 50 states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring private or governmental entities to notify individuals of security breaches of information involving personally identifiable information.
Security breach laws typically have provisions regarding who must comply with the law (e.g., businesses, data/ information brokers, government entities, etc); definitions of “personal information” (e.g., name combined with SSN, drivers license or state ID, account numbers, etc.); what constitutes a breach (e.g., unauthorized acquisition of data); requirements for notice (e.g., timing or method of notice, who must be notified); and exemptions (e.g., for encrypted information).
PLEASE NOTE: NCSL serves state legislators and their staff. This site provides general comparative information only and should not be relied upon or construed as legal advice.
| State | Citation |
| Alabama | 2018 S.B. 318, Act No. 396 |
| Alaska | Alaska Stat. § 45.48.010 et seq. |
| Arizona | Ariz. Rev. Stat. § 18-545 |
| Arkansas | Ark. Code §§ 4-110-101 et seq. |
| California | Cal. Civ. Code §§ 1798.29, 1798.82 |
| Colorado | Colo. Rev. Stat. § 6-1-716 |
| Connecticut | Conn. Gen Stat. §§ 36a-701b, 4e-70 |
| Delaware | Del. Code tit. 6, § 12B-101 et seq. |
| Florida | Fla. Stat. §§ 501.171, 282.0041, 282.318(2)(i) |
| Georgia | Ga. Code §§ 10-1-910, -911, -912; § 46-5-214 |
| Hawaii | Haw. Rev. Stat. § 487N-1 et seq. |
| Idaho | Idaho Stat. §§ 28-51-104 to -107 |
| Illinois | 815 ILCS §§ 530/1 to 530/25 |
| Indiana | Ind. Code §§ 4-1-11 et seq., 24-4.9 et seq. |
| Iowa | Iowa Code §§ 715C.1, 715C.2 |
| Kansas | Kan. Stat. § 50-7a01 et seq. |
| Kentucky | KRS § 365.732, KRS §§ 61.931 to 61.934 |
| Louisiana | La. Rev. Stat. §§ 51:3071 et seq. |
| Maine | Me. Rev. Stat. tit. 10 § 1346 et seq. |
| Maryland | Md. Code Com. Law §§ 14-3501 et seq., Md. State Govt. Code §§ 10-1301 to -1308 |
| Massachusetts | Mass. Gen. Laws § 93H-1 et seq. |
| Michigan | Mich. Comp. Laws §§ 445.63, 445.72 |
| Minnesota | Minn. Stat. §§ 325E.61, 325E.64 |
| Mississippi | Miss. Code § 75-24-29 |
| Missouri | Mo. Rev. Stat. § 407.1500 |
| Montana | Mont. Code §§ 2-6-1501 to -1503, 30-14-1701 et seq., 33-19-321 |
| Nebraska | Neb. Rev. Stat. §§ 87-801 et seq. |
| Nevada | Nev. Rev. Stat. §§ 603A.010 et seq., 242.183 |
| New Hampshire | N.H. Rev. Stat. §§ 359-C:19, 359-C:20, 359-C:21 |
| New Jersey | N.J. Stat. § 56:8-161, 163 |
| New Mexico | 2017 H.B. 15, Chap. 36 |
| New York | N.Y. Gen. Bus. Law § 899-AA, N.Y. State Tech. Law 208 |
| North Carolina | N.C. Gen. Stat §§ 75-61, 75-65 |
| North Dakota | N.D. Cent. Code §§ 51-30-01 et seq. |
| Ohio | Ohio Rev. Code §§ 1347.12, 1349.19, 1349.191, 1349.192 |
| Oklahoma | Okla. Stat. §§ 74-3113.1, 24-161 to -166 |
| Oregon | Oregon Rev. Stat. §§ 646A.600 to .628 |
| Pennsylvania | 73 Pa. Stat. §§ 2301 et seq. |
| Rhode Island | R.I. Gen. Laws §§ 11-49.3-1 et seq. |
| South Carolina | S.C. Code § 39-1-90 |
| South Dakota | S.D. Cod. Laws §§ 20-40-20 to -46 (2018 S.B. 62) |
| Tenessee | Tenn. Code §§ 47-18-2107; 8-4-119 |
| Texas | Tex. Bus. & Com. Code §§ 521.002, 521.053 |
| Utah | Utah Code §§ 13-44-101 et seq. |
| Vermont | Vt. Stat. tit. 9 §§ 2430, 2435 |
| Virginia | Va. Code §§ 18.2-186.6, 32.1-127.1:05 |
| Washington | Wash. Rev. Code §§ 19.255.010, 42.56.590 |
| West Virginia | W.V. Code §§ 46A-2A-101 et seq. |
| Wisconsin | Wis. Stat. § 134.98 |
| Wyoming | Wyo. Stat. §§ 40-12-501 et seq. |
| District of Columbia | D.C. Code §§ 28- 3851 et seq. |
| Guam | 9 GCA §§ 48-10 et seq. |
| Puerto Rico | 10 Laws of Puerto Rico §§ 4051 et seq. |
| Virgin Islands | V.I. Code tit. 14, §§ 2208, 2209 |
In an increasingly digitized world, we value privacy and are committed to protecting your personal information. Data and its protection are at the core of everything Digital Edge does. As such, our business is built on Stability, Security, Efficiency, and Compliance, enabling us to protect our customers’ most valuable assets. We are committed to complying with the new and old legislation and will collaborate with partners throughout this process.
Contact us today to further explore how our team can provide your business with an unparalleled cybersecurity solution.
For more resources:
https://www.dwt.com/gcp/state-data-breach-statutes
.jpg "Danielle Johnsen")