Council Foundation Logo Leaders Edge

Currently 47 states have data breach notification requirements in effect, which can make compliance extra burdensome when a breach affects customers across state lines.  To add to the complication, in 2015, eight states amended their breach notification laws.

Some changes include:

  • Five states amended their breach notification law to require entities to report a breach to state regulators.
  • Four states expanded the categories of information that constitute trigger information, thereby increasing the risk that a security incident will result in breach notification obligations.
  • Three states set hard deadlines for notifying affected individuals of a breach.

It is critical that employers be aware of the breach notification requirements in the states where they have customers in order to avoid regulatory penalties and potentially litigation in the wake of a security breach.

Leave a Reply

You must be logged in to post a comment.