Contact us Today!

Data Breach Notification Laws: Another Aspect of Privacy Compliance

Data Breach Notification Laws and Privacy Compliance

In addition to comprehensive privacy regulations, such as  California’s Consumer Privacy Act and Privacy Rights Act, which are just emerging at the state level, all U.S. states already have breach notification regulations.  Furthermore, data breaches of certain information might give rise to notification obligations under federal law, such as HIPAA.  Failure to properly monitor, document and report data breaches can lead to costly regulatory investigations, steep fines, and potential lawsuits. When privacy is compromised, consumers and employees lose trust in a company’s ability to manage personal data.

State Data Breach Notification Laws

Alabama Ala. Code § 8-38-1 et seq.
Alaska Alaska Stat. § 45.48.010 et seq.
Arizona Ariz. Rev. Stat. § 18-551 to -552
Arkansas Ark. Code §§ 4-110-101 et seq.
California Cal. Civ. Code §§ 1798.291798.82, CCPA Regulation
Colorado Colo. Rev. Stat. § 6-1-716
Connecticut Conn. Gen Stat. §§ 36a-701b, 4e-70
Delaware Del. Code tit. 6, § 12B-101 et seq.
Florida Fla. Stat. §§ 501.171, 282.0041, 282.318(2)(i)
Georgia Ga. Code §§ 10-1-910 to -912; 46-5-214
Hawaii Haw. Rev. Stat. § 487N-1 et seq.
Idaho Idaho Stat. §§ 28-51-104 to -107
Illinois 815 ILCS §§ 530/1 to 530/25, 815 ILCS 530/55 (2020 S.B. 1624)
Indiana Ind. Code §§ 4-1-11 et seq., 24-4.9 et seq.
Iowa Iowa Code §§ 715C.1, 715C.2
Kansas Kan. Stat. § 50-7a01 et seq. 
Kentucky KRS § 365.732, KRS §§ 61.931 to 61.934 
Louisiana La. Rev. Stat. §§ 51:3071 et seq.
Maine Me. Rev. Stat. tit. 10 § 1346 et seq.
Maryland Md. Code Com. Law §§ 14-3501 et seq., Md. State Govt. Code §§ 10-1301 to -1308
Massachusetts Mass. Gen. Laws § 93H-1 et seq.
Michigan Mich. Comp. Laws §§ 445.63, 445.72
Minnesota Minn. Stat. §§ 325E.61, 325E.64
Mississippi Miss. Code § 75-24-29
Missouri Mo. Rev. Stat. § 407.1500
Montana Mont. Code §§ 2-6-1501 to -1503, 30-14-1704, 33-19-321
Nebraska Neb. Rev. Stat. §§ 87-801 et seq.
Nevada Nev. Rev. Stat. §§  603A.010 et seq., 242.183
New Hampshire N.H. Rev. Stat. §§ 359-C:19, 359-C:20, 359-C:21
New Jersey N.J. Stat. § 56:8-161, 163
New Mexico N.M. Stat. §§ 57-12C-1
New York N.Y. Gen. Bus. Law § 899-AA
North Carolina N.C. Gen. Stat §§ 75-61, 75-65, 14-113.20
North Dakota N.D. Cent. Code §§ 51-30-01 et seq.
Ohio Ohio Rev. Code §§ 1347.121349.19, 1349.191, 1349.192
Oklahoma Okla. Stat. §§ 74-3113.1, 24-161 to -166
Oregon Oregon Rev. Stat. §§ 646A.600 to .628
Pennsylvania 73 Pa. Stat. §§ 2301 et seq.
Rhode Island R.I. Gen. Laws §§ 11-49.3-1 et seq.
South Carolina S.C. Code § 39-1-90
South Dakota S.D. Cod. Laws §§ 20-40-19 to -26
Tennessee Tenn. Code §§  47-18-2107; 8-4-119
Texas Tex. Bus. & Com. Code §§ 521.002, 521.053
Utah Utah Code §§ 13-44-101 et seq.
Vermont Vt. Stat. tit. 9 §§ 2430, 2435
Virginia  Va. Code §§ 18.2-186.6, 32.1-127.1:05
Washington Wash. Rev. Code §§ 19.255.010, 42.56.590
West Virginia  W.V. Code §§ 46A-2A-101 et seq.
Wisconsin Wis. Stat. § 134.98
Wyoming Wyo. Stat. § 6-3-901(b), §§ 40-12-501 to -502
District of Columbia D.C. Code §§ 28- 3851 et seq., 2020 B 215
Guam  9 GCA §§ 48-10 et seq.
Puerto Rico 10 Laws of Puerto Rico §§ 4051 et seq.
Virgin Islands  V.I. Code tit. 14, §§ 2208, 2209


Know Your Data to Comply with Breach Notification Laws

Data inventory and mapping is an essential first step to building a successful data breach response notification plan. The law typically requires notification in cases when certain personal information in breached.  Therefore, you need to understand what personal information your organization collects, processes, and stores. Furthermore, an ongoing data mapping can illuminate data processing areas that were missed initially or where the process has changed. Organizations that do not inventory or map their data after they have set their processes may find that they are working from out-of-date information and therefore open themselves to potential liability.

Clarip’s data mapping software tools can automate the process of understanding what data is collected by the organization, where data is collected, where data is stored, and whether and with whom it is shared.  Early awareness of changes to your data and prompt notification of these changes provided by the Clarip’s software gives your team an edge on information risks and will help you comply with the applicable breach notification laws.


Access Clarip’s Privacy Whitepapers Today


For assistance with Consumer Deletion Requests, call Clarip today at 1-888-252-5653 or contact us.

Privacy News
Clarip Blog

What Your Company Needs to Know About Regulations of Biometric Data
Right to Opt-Out of Sale of Personal Data Under the California and Nevada Laws
Responding to Personal Data Deletion Requests Under the California Consumer Privacy Act
Right to Opt-Out of Sale of Personal Data Under the California and Nevada Laws
Verifiable Data Subject Requests under the GDPR and the CCPA
Other Resources

California Consumer Privacy Act
CCPA Summary
CCPA Privacy Software
CCPA Webinar
SB-1121 Amendments

GDPR Compliance
Consent Management Software
GDPR Data Mapping Software
DSAR Portal