Data Breach Notification Statutes
Data security is quickly becoming one of the most pressing issues affecting businesses. The security threats are numerous – “hacker attack,” point-of-sale network intrusion (e.g., Target), stolen hard drives and laptops containing customer or employee information – and no company is immune, regardless of its size or its industry. In fact, a recently published research report by the Ponemon Institute found that companies have a nearly 20% chance of suffering a data security breach involving 10,000 or more records over the next 24 months, at an average cost to the company of $201 per record breached.
Organizations are legally required to take specific steps if the security of consumer or employee data they are holding is compromised. One of the most immediate and important is notifying consumers or employees of the breach. Forty-seven states have adopted statutes requiring such notification. However, there is no single, national standard for notification, and the state laws vary widely on when notice is required, how it must be given, timing and other important features.
Our Privacy and Data Security team has decoded and distilled the 47 different sets of state laws into an easily usable chart containing each state’s notification requirements. Click HERE to download a copy of our chart, which includes both a high-level dashboard of notification requirements and specific state-by-state detail.
We sincerely hope your organization never needs to consult this chart! If it does experience a data security breach, we strongly suggest that you contact our Privacy and Data Security team as soon as possible to make sure that all other legal requirements (such as providing notice to regulators or working through insurance and indemnity issues) are properly managed.
To reach our Privacy and Data Security team, or with any questions about this chart or notification requirements, please contact: