United States Breach Notification Laws
By DON Privacy Team - Published, February 17, 2017
Forty-seven states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring private, governmental or educational entities to notify individuals of security breaches of information involving personally identifiable information.
Breach laws typically have provisions regarding who must comply with the law (e.g., businesses, data/information brokers, government entities, etc); definitions of "personal information" (e.g., name combined with SSN, drivers license or state ID, account numbers, etc.); what constitutes a breach (e.g., unauthorized acquisition of data); requirements for notice (e.g., timing or method of notice, who must be notified); and exemptions (e.g., for encrypted information).
View United States Breach Notification Laws.