Data breach notification laws vary across the U.S. Here’s a guide to see how well your state laws protect you.
There’s no federal law when it comes to consumer protections regarding data breaches in the U.S. Laws vary by state. While some might be strict and others loose, it’s important to know what’s happening in your state and just how protected — or unprotected — you are.
While laws might vary, they do share one thing in common — almost all states define a data breach as the “unauthorized acquisition of covered information that compromises security, integrity and confidentiality.” To break it down further, covered information usually includes first and last names along with Social Security numbers, driver’s license numbers, email addresses and passwords, credit card numbers and medical records.
When a breach is discovered, a majority of states require immediate notification, while states such as Alabama, Ohio, Vermont, Maryland and New Mexico allow a 45-day grace period. In Tennessee, people don’t have to be notified for up to 90 days. How you’re notified that you’ve been a victim of a data breach is another item that varies by state. Many states require written notice, and others allow telephone or electronic notices.
So which states are the toughest on data breaches? Alabama, California, New Jersey, Ohio, South Carolina and Utah are some of the states with the strictest legislation. Arizona, Colorado and Hawaii stand somewhere in the middle, and on the other end of the spectrum are Mississippi and Kentucky, followed by Washington, D.C., Pennsylvania, Georgia and Arkansas.
To find out how well your state is protecting you from the effects of a data breach, check out Digital Guardian’s infographic below.