1. Industry
Send to a Friend via Email

Your suggestion is on its way!

An email with a link to:

http://bizsecurity.about.com/od/informationsecurity/a/statebreach_laws_2.htm

was emailed to:

Thanks for sharing About.com with others!

Data Breach Notification Laws

Know the Laws Protecting Privacy in Your State

By

California

California led the charge on data breach and privacy laws, and the policies adopted by many other states are variations on the west coast theme. For that reason, I'll give them top billing.

The State of California has adopted four sets of laws to address privacy of medical information, credit reporting companies, state agencies, and businesses.

Like most of the states that followed suit, California law requires immediate disclosure of data breaches involving personal information. The State makes only two exceptions: encrypted data and publicly available government records. Unlike many states, California residents also have the right to take private action against companies that disclose their information.

New laws and summaries will be added in state by state order, so check back often to access the legislation for your specific state.

Alaska

Alaska's breach disclosure law requires immediate disclosure of data breaches. Like California, Alaska exempts publicly available government data. Disclosure may only be delayed if law enforcement determines that immediate action would interfere with their investigation. If an investigation determines that consumers are unlikely to suffer harm as a result of the data breach, then disclosure is not required.

Alaska's law also includes civil penalties of up to $500 for each state resident who was not notified of the breach.

You can access the full text of Alaska's breach disclosure law here.

Arizona

The Arizona breach disclosure law requires disclosure of data breaches without unreasonable delay. Arizona residents may be notified of breaches by phone. The law provides for civil and criminal penalities, but Arizona residents do not have the right of private legal action.

You can access the full text of Arizona's breach disclosure law here.

Arkansas

The Arkansas breach disclosure law requires immediate disclosure of data breaches. Arkansas exempts encrypted data laska exempts publicly available government data. Disclosure may be delayed if law enforcement determines that immediate action would interfere with their investigation. If the entity concludes that consumers are unlikely to suffer harm as a result of the data breach, then disclosure is not required.You can read the full text of the Arkansas law here

Missouri

Missouri's breach disclosure law requires disclosure of data breaches without unreasonable delay. Encrypted data is exempted, although the law does not specify an encryption standard. Notification may be delayed if law enforcement believes the notification will impede a criminal investigation. Breaches involving over 1,000 consumers must also be reported to the attorney general's office and all national consumer reporting agencies. Only the attorney general has the authority to bring an action in Missouri; residents do not have the right to take private action. The Missouri breach notification law was passed as part of an omibus bill. You can read the full text of the bill here.

  1. About.com
  2. Industry
  3. Business Security
  4. Information Security
  5. Data Breach - A Guide to Data Breach Notification

©2014 About.com. All rights reserved.