Breach Notification Laws

Data breach notification laws require companies to implement formal data breach notification policies that cover the procedures for incident reporting and external breach notification. With the exception of just four states (Alabama, Kentucky, New Mexico and South Dakota), every state in the U.S. has passed a breach notification law in the recent past, following the lead of California’s landmark breach disclosure law in 2003. Breach notification laws require companies to notify their customers about security breaches that involve personal information.

Of course, with all the lobbying that goes on when drafting and passing a new law, there are variations among the laws passed by various states, with immediate disclosure of a data breach to customers being the common thread. Some states permit private action against the companies and some don’t. States also vary in the penalties they impose on companies that fail to disclose data breaches within the stipulated time. An interesting fact to note here is that some tough state laws, such as California’s, do not exempt any security breach from the purview of the law, while some others distinguish between material and immaterial breaches.

At the federal level, data breach notification requirements are part of the Privacy Act, the Federal Information Security Management Act, the Veterans Affairs Information Security Act, the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act, the Federal Credit Reporting Act, the Data Accountability and Trust Act, the Data Breach Notification Act and Personal Data Privacy and Security Act of 2009.

Since no single federal or state law governs the security of all types of confidential personal information, companies that deal with the personal information of individuals must determine which state and federal laws and regulations they must comply with, and then carefully adhere to each applicable law.
