May 15, 2014
(Note: Please view our updated 2015 guide, available here.)
International law firm Weil, Gotshal & Manges LLP announced today the release of its inaugural Security Breach Notification Laws – Data Privacy Survey, written and compiled by counsel David R. Singh in Silicon Valley, and associates John Stratford in Silicon Valley and Jennifer Ramos in New York.
As the number of reported data breaches continues to increase dramatically – more than 600 in 2013 alone, encompassing more than 250 million individual records – state legislatures continue to enact data breach notification laws, which pose significant compliance issues. To date, 47 states have enacted legislation requiring some form of notification following a data breach. Generally, these statutes require companies to notify state residents in a timely fashion when the company becomes aware of a loss of unencrypted data containing a state resident’s personal information; provide an exemption from compliance with the statute where a company maintains its own breach notification policy and the policy is consistent with the requirements of the statute; and in some cases call for notification of the state attorney general or consumer reporting agencies, depending on the extent of the breach. Despite these similarities, substantial variation exists, including regarding who must be notified and when. In responding to a data breach situation, special care and expertise are required to analyze and comply with this patchwork of state laws. Weil’s inaugural Security Breach Notification Laws – Data Privacy Survey is a comprehensive overview of each U.S. state’s data breach notification laws.
Please view our updated 2015 guide, available here.