Tag Archives: breach notification statutes

When it Comes to Privacy Laws, California Leads the Way

California is, by far, the king of states when it comes to privacy laws. California’s constitution is one of only 10 state constitutions that contain an explicit “right to privacy,” recognizing each citizen’s “inalienable right” to privacy. Its state laws in many areas have often been precursors to federal legislation or national legislative movements, and that’s certainly true in privacy law as well. For example, California had health privacy laws before HIPAA even existed, and it had the nation’s first data breach notification law, which spawned copycat legislation in almost every state. Last month, California passed a few more laws …


Is a Uniform Federal Data Breach Law Really Necessary?

In June 2015, the United States Office of Personnel Management announced a massive data breach. Estimates are that the breach compromises the personal information of up to 18 million current, former and potential federal employees. This data breach joined the growing list of mega breaches that has many calling for a single, federal, uniform data breach notification law, to replace and preempt the current so-called “patchwork” of state laws that exist in all but a handful of states. On July 7, 2015, the Attorneys General of 47 states and US territories joined together in a letter to congressional leaders opposing …


What is “Personal Information?” It Depends on Where You Live

Breach notification statutes have been enacted in 47 states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands.  Only Alabama, New Mexico and South Dakota have not adopted such laws.  In general, a business has no obligation to provide notification unless a breach compromises “personal information.”  There is no uniform definition of “personal information.”  It varies from state to state depending upon how “personal information” is defined in that state’s breach notification statute.  There are common elements found in all state statutes.  For instance, all the statutes define “personal information” to include: first name, last name, or first initial …