
Breach Notification Laws

Data breach notification laws require companies to implement formal data breach notification policies that cover the procedures for incident reporting and external breach notification. Except for just four states (Alabama, Kentucky, New Mexico and South Dakota), every state in the U.S. has passed a breach notification law in the recent past, following the lead of California’s landmark breach disclosure law in 2003. Breach notification laws require companies to notify their customers about security breaches that involve personal information.

Of course, with all the lobbying that goes on when drafting and passing a new law, there are variations among the laws passed by various states, with immediate disclosure of a data breach to customers being the common thread. Some states permit private action against the companies and some don’t. States also vary in the penalties they impose on companies that fail to disclose data breaches within the stipulated time. An interesting fact to note here is that some tough state laws, such as California’s, do not exempt any security breach from the purview of the law, while some others distinguish between material and immaterial breaches.

At the federal level, data breach notification requirements are part of the Privacy Act, the Federal Information Security Management Act, the Veterans Affairs Information Security Act, the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act, the Federal Credit Reporting Act, the Data Accountability and Trust Act, the Data Breach Notification Act and the Personal Data Privacy and Security Act of 2009.

Since no single federal or state law governs the security of all types of confidential personal information, companies that deal with individuals’ personal information must determine which state and federal laws and regulations they must comply with, and do everything they can to carefully adhere to the applicable laws.
