State Security Breach Notification Laws
46 out of 50 plus the District of Columbia have compliance requirement if there is a security breach with personal information
The landscape for CIOs and protection of personal information continues to become more complex as more states add breach notification laws. Currently forty-six states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information.
Each of these requirements need to be reviewed as the laws typically apply to not only enterprises that have "operations" in those states but also if the state's "residents" or "enterprises" are affected.
Order Compliance Management Kit Download Selected Pages
The graphic clearly depicts the magnitude of the current situation and the table provided by The National Conference of State Legislatures includes links to the individual states.The Security Manual Template address each of these mandate requirements.
| Alaska | Alaska Stat. § 45.48.010 et seq. |
| Arizona | Ariz. Rev. Stat. § 44-7501 |
| Arkansas | Ark. Code § 4-110-101 et seq. |
| California | Cal. Civ. Code §§ 56.06, 1785.11.2, 1798.29, 1798.82 |
| Colorado | Colo. Rev. Stat. § 6-1-716 |
| Connecticut | Conn. Gen Stat. 36a-701b |
| Delaware | Del. Code tit. 6, § 12B-101 et seq. |
| Florida | Fla. Stat. § 817.5681 |
| Georgia | Ga. Code §§ 10-1-910, -911 |
| Hawaii | Haw. Rev. Stat. § 487N-2 |
| Idaho | Idaho Stat. §§ 28-51-104 to 28-51-107 |
| Illinois | 815 ILCS 530/1 et seq. |
| Indiana | Ind. Code §§ 24-4.9 et seq., 4-1-11 et seq. |
| Iowa | Iowa Code § 715C.1 |
| Kansas | Kan. Stat. 50-7a01, 50-7a02 |
| Louisiana | La. Rev. Stat. § 51:3071 et seq. |
| Maine | Me. Rev. Stat. tit. 10 §§ 1347 et seq. |
| Maryland | Md. Code, Com. Law § 14-3501 et seq. |
| Massachusetts | Mass. Gen. Laws § 93H-1 et seq. |
| Michigan | Mich. Comp. Laws § 445.72 |
| Minnesota | Minn. Stat. §§ 325E.61, 325E.64 |
| Mississippi | 2010 H.B. 583 (effective July 1, 2011) |
| Missouri | Mo. Rev. Stat. § 407.1500 |
| Montana | Mont. Code §§ 30-14-1704, 2-6-504 |
| Nebraska | Neb. Rev. Stat. §§ 87-801, -802, -803, -804, -805, -806, -807 |
| Nevada | Nev. Rev. Stat. §§ 603A.010 et seq., 242.183 |
| New Hampshire | N.H. Rev. Stat. §§ 359-C:19, -C:20, -C:21 |
| New Jersey | N.J. Stat. 56:8-163 |
| New York | N.Y. Gen. Bus. Law § 899-aa |
| North Carolina | N.C. Gen. Stat § 75-65 |
| North Dakota | N.D. Cent. Code § 51-30-01 et seq. |
| Ohio | Ohio Rev. Code §§ 1347.12, 1349.19, 1349.191, 1349.192 |
| Oklahoma | Okla. Stat. § 74-3113.1 and § 24-161 to -166 |
| Oregon | Oregon Rev. Stat. § 646A.600 et seq. |
| Pennsylvania | 73 Pa. Stat. § 2303 |
| Rhode Island | R.I. Gen. Laws § 11-49.2-1 et seq. |
| South Carolina | S.C. Code § 39-1-90 |
| Tennessee | Tenn. Code § 47-18-2107, 2010 S.B. 2793 |
| Texas | Tex. Bus. & Com. Code § 521.03, Tex. Ed. Code 37.007(b)(5) (2011 H.B. 1224) |
| Utah | Utah Code §§ 13-44-101, -102, -201, -202, -310 |
| Vermont | Vt. Stat. tit. 9 § 2430 et seq. |
| Virginia | Va. Code § 18.2-186.6, § 32.1-127.1:05 |
| Washington | Wash. Rev. Code § 19.255.010, 42.56.590 |
| West Virginia | W.V. Code §§ 46A-2A-101 et seq. |
| Wisconsin | Wis. Stat. § 134.98 et seq. |
| Wyoming | Wyo. Stat. § 40-12-501 to -502 |
| District of Columbia | D.C. Code § 28- 3851 et seq. |
States with no security breach law: Alabama, Kentucky, New Mexico, and South Dakota.
