your roadmap to U.S. breach notification laws

cover-state-notification-laws.jpg
Understanding your obligations in all of the states in which you do business is the first step toward proper breach preparedness.

know the penalties, timelines, exceptions, and requirements for all 50 u.s. states

In the United States, data breach notification laws are legislated by the states and vary widely in both consumer protection and corporate stringency. Adding to the complexity of US data breach laws, many states (such as Texas) require companies to comply with their laws if they have customers in the state, regardless of where the company is headquartered. This means that in the event of a breach, a company may be required to comply with dozens of distinct sets of state laws – an almost impossible task in a moment of crisis.

The key, however, is proper planning.  For organizations with customers in many states,  this guide is an accessible and up-to-date rundown of the varying data breach notification laws in the US.

Click any state to quickly access the information you’ll need, including:

  • Statute codes, directly linked to corresponding legislature
  • A description briefly explaining statute(s) requirements and/or purpose
  • Legal parameters for personal information
  • Timeframe stipulations
  • Penalties, both per consumer and maximum penalties
  • Exceptions and exemptions