State Data Breach Notification Laws – Overview of Requirements for Responding to a Data Breach – UPDATED JULY 2018

With the ever-changing complexity of state data breach notification laws, companies facing a data breach need resources that will help them understand the issues. This summary provides an overview of the similarities and differences in data breach laws adopted in the 50 United States and the District of Columbia and includes laws enacted since our last update. Alabama and South Dakota became the last states to adopt breach notification laws, which took effect on May 1, 2018 and July 1, 2018, respectively. As a practical matter, most companies that experience a breach will be required to comply with all or several state laws depending on where the data subjects reside, and international data breach notification laws may also apply.

Because privacy is a politically popular topic for legislators, laws continue to evolve and change. It is important to confirm that no changes have been made to relevant laws whenever you experience a data breach. While this summary focuses on data breach notification obligations, many state laws also impose specific data security requirements for companies that handle personal information, which should also be consulted.

This summary is intended to provide general information about applicable laws and does not constitute legal advice regarding specific facts or circumstances. 

To download a copy, click here.

For more information on privacy and data security matters, please contact us:

Sheila Millar (+1 202.434.4143, millar@khlaw.com)

Tracy Marshall (+1 202.434.4234, marshall@khlaw.com)