Resource Center

Introduction to Resource Center
This page provides an overview of the IAPP's Resource Center offerings.

Contact Resource Center
For any Resource Center related inquiries, please reach out to resourcecenter@iapp.org.

State Data Breach Notification Chart

Cheryl Saniuk-Heinig

Each column can be filtered to allow notification laws with certain features to be hidden or prioritized. As a starting point, a practitioner could filter the “Timeframe for Breach Notification” column to identify which states have the shortest notification window to further investigate the state-specific requirements. For convenience, the IAPP has also included subsequent sheets with three categories of pre-sorted data:

This chart does not include exceptions to or additional compliance requirements with federal laws, such as the Gramm-Leach-Bliley Act or the Health Insurance Portability and Accountability Act. Additionally, an entity must determine if it owns, controls or licenses “personally identifiable information” before it can determine if the “personally identifiable information” was compromised in a “breach” (compared to a security “event” or “incident”), which will be uniquely defined by each law.

NOTE: This tool is for informational purposes only and is not legal advice. State requirements, including any recent changes, should always be verified via official sources. Requirements, if there is a security event, incident or breach, will vary depending on the specific facts, locations and circumstances.

Related Stories
Irish DPC: A Practical Guide to Personal Data Breach Notifications under the GDPR

This guidance from the Data Protection Commission aims to give data controllers some practical advice on how to handle data breaches and understand data breach notifications under the EU General Data Protection Regulation. Click To View .

Data Breach Notification in the United States and Territories

This report from Privacy Rights Clearinghouse took a close look at the current landscape of data breach notification statutes across the country and identified key disparities in the level of protections that each statute affords. Their analysis compares each state’s data breach notification statute.

About

The IAPP is the largest and most comprehensive global information privacy community and resource. Founded in 2000, the IAPP is a not-for-profit organization that helps define, promote and improve the privacy profession globally.

Become a member

The IAPP is the only place you’ll find a comprehensive body of resources, knowledge and experts to help you navigate the complex landscape of today’s data-driven world. We offer individual, corporate and group memberships, and all members have access to an extensive array of benefits.

© 2024 International Association of Privacy Professionals.
All rights reserved.

Pease International Tradeport, 75 Rochester Ave.
Portsmouth, NH 03801 USA • +1 603.427.9200