Currently 47 states have data breach notification requirements in effect, which can make compliance extra burdensome when a breach affects customers across state lines.  To add to the complication, in 2015, eight states amended their breach notification laws.

Some changes include:

  • Five states amended their breach notification law to require entities to report a breach to state regulators.
  • Four states expanded the categories of information that constitute trigger information, thereby increasing the risk that a security incident will result in breach notification obligations.
  • Three states set hard deadlines for notifying affected individuals of a breach.

It is critical that employers be aware of the breach notification requirements in the states where they have customers in order to avoid regulatory penalties and potentially litigation in the wake of a security breach.

Leave a Reply

  • (will not be published)

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>