While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to rise, states are responding with increasingly frequent and divergent changes to their statutes, creating challenges for compliance. Organizations must make it a priority to monitor these changes to prepare for and respond to data breaches.
For a summary of basic state notification requirements that apply to entities who “own” data, download Foley’s State Data Breach Notification Laws Chart. This chart is current as of May 2021, and should be used for informational purposes only because the recommended actions an entity should take if it experiences a security event, incident, or breach vary depending on the specific facts and circumstances.
This chart does not cover non-owners of data. If you do not own the data at issue, consult the applicable laws and contact legal counsel. This chart also does not cover:
For more information about state data breach notification laws or other data security matters, please contact one of the following individuals listed below or another member of Foley’s Cybersecurity practice.
Let’s Talk Compliance | Provider Relief Fund: Reporting Requirements and Compliance Concerns