See the penalties, timelines, exceptions, and requirements for all 50 U.S. states.

In the United States, data breach notification laws are legislated by the states and vary widely in both consumer protection and corporate stringency. Adding to the complexity of US data breach laws, many states (such as Texas) require companies to comply with their laws if they have customers in the state, regardless of where the company is headquartered. This means that in the event of a breach, a company may be required to comply with dozens of distinct sets of state laws – an almost impossible task in a moment of crisis.

The key, however, is proper planning. For organizations with customers in many states, this guide is an accessible and up-to-date rundown of the varying data breach notification laws in the US.

Click any state to quickly access the information you’ll need, including:

  • Statute codes, directly linked to corresponding legislature
  • A brief description of each statute's requirements and/or purpose
  • Legal parameters for personal information
  • Timeframe stipulations
  • Penalties, both per consumer and maximum penalties
  • Exceptions and exemptions