March 27, 2015
Updated January 25, 2016
International law firm Weil, Gotshal & Manges LLP announced today the release of the 2016 edition of its Security Breach Notification Laws – Data Privacy Survey, written, compiled, and updated by counsel David R. Singh in Silicon Valley, and associates John Stratford in Silicon Valley and Jennifer Ramos in New York.
As the number of reported data breaches continues to increase dramatically – nearly 300 in 2013 alone, encompassing more than 67 million individual records – state legislatures continue to enact data breach notification laws, which pose significant compliance issues. To date, 47 states have enacted legislation requiring some form of notification following a data breach. Generally, these statutes require companies to notify state residents in a timely fashion when the company becomes aware of a loss of unencrypted data containing a state resident’s personal information; provide an exemption from compliance with the statute where a company maintains its own breach notification policy and the policy is consistent with the requirements of the statute; and in some cases call for notification of the state attorney general or consumer reporting agencies, depending on the extent of the breach. Despite these similarities, substantial variation exists, including regarding who must be notified and when. In responding to a data breach situation, special care and expertise are required to analyze and comply with this patchwork of state laws. Weil’s Security Breach Notification Laws – Data Privacy Survey is a comprehensive overview of each U.S. state’s data breach notification laws.
To read Weil’s 2016 Data Privacy Survey, please download it here, and check back often as we update to account for newly enacted legislation.