Every State Now Has a Data Breach Notification Law

Alabama Republican Gov. Kay Ivey has signed a bill that makes her state the 50th and final one to enact a consumer data breach notification law.

By Jenni Bergal

Alabama Republican Gov. Kay Ivey has signed a bill that makes her state the 50th and final one to enact a consumer data breach notification law.

The measure requires that residents be notified within 45 days after a breach has been discovered if it is reasonably likely to cause substantial harm. The notification could be delayed if it would interfere with a law enforcement investigation.

Until recently, Alabama and South Dakota were the only states that didn’t have data breach notification laws.

Last month, South Dakota Gov. Gov. Dennis Daugaard, a Republican, signed a measure into law that would require affected residents to be notified within 60 days of a data breach’s discovery.

Legislators in a number of states have been trying to toughen consumer protections, in the wake of law year’s massive Equifax breach that exposed the personal data of nearly 148 million Americans.

Last year, there were a record 1,579 data breaches in the United States, a nearly 45 percent hike over the previous year, according to the Identity Theft Resource Center, a nonprofit that helps victims of identity theft and promotes public awareness.

Yesterday, retail company Hudson’s Bay, which owns Lord & Taylor and Saks Fifth Avenue, announced that it had been the victim of hacking by cybercriminals. A cybersecurity research firm said the hackers had obtained more than 5 million customer credit and debit card numbers.

At least 29 states are taking up consumer security breach notification bills this year, according to the National Conference of State Legislatures. In more than a dozen states, measures would require residents to be notified within a given time, from 48 hours up to 60 days. 

State laws dealing with security breach notification vary considerably, from when affected victims must be notified to what is considered personal information. 

Caroline Cournoyer is GOVERNING's senior web editor.
Special Projects
Sponsored Stories
Sponsored
GHD identified four themes critical for municipalities to address to reach net-zero by 2050. Will you be ready?
Sponsored
As more state and local jurisdictions have placed a priority on creating sustainable and resilient communities, many have set strong targets to reduce the energy use and greenhouse gases (GHGs) associated with commercial and residential buildings.
Sponsored
As more people get vaccinated and states begin to roll back some of the restrictions put in place due to the COVID-19 pandemic — schools, agencies and workplaces are working on a plan on how to safely return to normal.
Sponsored
The solutions will be a permanent part of government even after the pandemic is over.
Sponsored
See simple ways agencies can improve the citizen engagement experience and make online work environments safer without busting the budget.
Sponsored
Whether your agency is already a well-oiled DevOps machine, or whether you’re just in the beginning stages of adopting a new software development methodology, one thing is certain: The security of your product is a top-of-mind concern.
Sponsored
The World Economic Forum predicts that by 2022, over half of the workforce will require significant reskilling or upskilling to do their jobs—and this data was published prior to the pandemic.
Sponsored
Part math problem and part unrealized social impact, recycling is at a tipping point. While there are critical system improvements to be made, in the end, success depends on millions of small decisions and actions by people.
Sponsored
Government legal professionals are finding Lexis+ Litigation Analytics from LexisNexis valuable for understanding a judge’s behavior and courtroom trends, knowing other attorneys’ track records, and ensuring success in civil litigation cases.