Resource: U.S. State Data Breach Notification Laws

There’s an update to Foley & Lardner’s resource on U.S. state data breach notification laws. They explain what their resource applies and what it doesn’t apply to:

• Exceptions based on compliance with other laws, such as the Health Insurance Portability and Accountability Act (HIPAA) or Gramm-Leach-Bliley Act (GLBA).
• Exceptions regarding good faith acquisition of personally identifiable information (PII) by an employee or agent of an entity for a legitimate purpose of the entity, provided there is no further unauthorized use or disclosure of the PII.
• Exceptions regarding what constitutes PII, such as public, encrypted, redacted, unreadable, or unusable data. The chart indicates whether a safe harbor may be available for data that is considered public, encrypted, redacted, unreadable, or unusable, but the specific guidance will vary based on the circumstances. For example, some states have a safe harbor only for data that is encrypted, whereas other states may have a safe harbor for data that is encrypted or public.
• The manner in which an entity provides actual or substitute notification (e.g., via email, U.S. Mail, etc.).
• Requirements for the content of the notice.
• Any guidance materials issued by federal and state agencies.
• A comprehensive assessment of all laws applicable to breaches of information other than PII.

Browse by News Section

Recent Posts

• Malta’s Prime Minister Announces Legal Reform To Safeguard Ethical Hacking
• Vitalii Antonenko pleads guilty to hacking and other charges
• West Virginia law enforcement sues data broker for publishing personal information online
• Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure
• Late Discovery: CMS and Wisconsin Physicians Service Insurance Corporation notify 947k of last year’s MOVEit data breach
• Ex-Police Scotland employee charged with 44 data breaches
• Free Russia Foundation to investigate data breach after internal documents published online
• Russian And Kazakhstani Men Indicted For Running WWH Club and Other Dark Web Criminal Marketplaces, Forums, And Trainings
• Online AI Mental Health and Addiction Treatment Provider Exposed Patient Data
• Russian military hackers linked to critical infrastructure attacks

Contact Me

Have a News Tip?

Email: Tips[at]DataBreaches.net
Signal: +1 516-776-7756
Telegram: @DissentDoe

Sponsored or Paid Posts?

Thank you for your interest, but this site does not accept sponsored posts and does not respond to requests about them.

RSS Feed

• Malta’s Prime Minister Announces Legal Reform To Safeguard Ethical Hacking
• Vitalii Antonenko pleads guilty to hacking and other charges
• West Virginia law enforcement sues data broker for publishing personal information online
• Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure
• Late Discovery: CMS and Wisconsin Physicians Service Insurance Corporation notify 947k of last year’s MOVEit data breach
• Ex-Police Scotland employee charged with 44 data breaches
• Free Russia Foundation to investigate data breach after internal documents published online
• Russian And Kazakhstani Men Indicted For Running WWH Club and Other Dark Web Criminal Marketplaces, Forums, And Trainings
• Online AI Mental Health and Addiction Treatment Provider Exposed Patient Data
• Russian military hackers linked to critical infrastructure attacks