What are Data Breach Notification Laws? featured image

What are Data Breach Notification Laws?

by John DiGiacomo

Partner

Data Breach

What are data breach notification laws? Many people have heard about, or have themselves been potentially victimized by a data breach. Your credit card information might have been hacked, or your personal identifying information might have been exposed in a data security breach. But many people do not realize that there are legal protections in place that require businesses and governments to notify potential victims when there is a data security breach.

What Are Data Breach Notification Laws?

At present, there are a few national standards in place regarding data breach notification of potential victims, but federal laws are limited at this time to financial institutions (the Gramm-Leach-Bliley Act, 15 U.S.C. Section 6801, et seq., which requires notification when nonpublic personal information of a consumer is breached) and the healthcare industry (the Health Insurance Portability and Accountability Act, 45 CFR Sections 106.103, 164.400-414, and 42 U.S.C. Section 1320d, et seq., which requires notification when a patient’s protected health information is breached).

Laws Vary From State to State

Data breach notification laws vary from state to state. However, as a general rule these laws are written consistent with a typical format. Data breach notification laws typically:

  • Outline who the law applies to (i.e., private entities, government entities, educational institutions, etc.). Oftentimes, data breach notification laws apply to government entities, private entities, and educational institutions.
  • Provide a definition as to what is personal information for the purposes of the notification law. In most states, “personal information” includes data such as a person’s first and last name, Social Security number, driver’s license number, state-issued identification card number, account number, credit card or debit card number and security code, access code, or PIN necessary to access the account, credit card or debit card.
  • Provide an explanation of what constitutes a data security breach. Typically, a data security breach involves an unauthorized breach of the security of a system thereby gaining access to personal information. The specific definition associated with breach notification laws can vary greatly by state.
  • Include details concerning what is required for compliance with the data breach notification law. Examples include identification of the timeframe in which notifications must be made, whether the notification must be made in writing, and specific information that must be included in the data breach notification.
  • Identify any exemptions to the data breach notification laws. In some states, if data is encrypted it might be exempt from state data breach notification laws.
  • Address the penalties associated with a failure to comply with the law. Each state identifies the penalties associated with a failure to comply with the state’s breach notification laws.

Talk to a Data Breach Lawyer

Cybersecurity is as an area of law is constantly changing and evolving. Revision Legal has worked with a number of businesses in assessing data retention risks and providing legal counsel on data security breach notifications in all 50 states. If you have concerns about your exposure or have recently received a data breach notification, contact the experienced attorneys at Revision Legal straightaway. Civil fines are available in some states for a failure to expeditiously notify those affected by breaches. Contact Revision Legal’s internet lawyers using the form on this page or call us at 855-473-8474.

Image credit to Flickr user Jim Kaskade.

Extra, Extra!
Recent Posts

FTC Adopts Final “Click to Cancel Rule”

FTC Adopts Final “Click to Cancel Rule”

Internet Law

The Federal Trade Commission (FTC) has issued final amendments to its trade regulation rule concerning negative option plans, also known as the “click to cancel rule.” This rule aims to address widespread deceptive practices that prohibit customers from cancelling services in the same manner in which they signed up. Here’s a detailed summary of the […]

Read more about FTC Adopts Final “Click to Cancel Rule”

Understanding Product Liability Law for Ecommerce Merchants

Understanding Product Liability Law for Ecommerce Merchants

Internet Law

Introduction Being an ecommerce merchant is hard; you have to keep an eye on your advertising spend, control your inventory, and make sure your customers are happy. Additionally, you also have to navigate a complex landscape of legal responsibilities. One of these areas, which is often overlooked, is product liability. Product liability law holds manufacturers, […]

Read more about Understanding Product Liability Law for Ecommerce Merchants

Understanding the Role of Internet Privacy Attorneys: Key Issues They Handle

Understanding the Role of Internet Privacy Attorneys: Key Issues They Handle

Internet Law

Introduction In our increasingly digital world, the significance of internet privacy is paramount. Internet privacy attorneys are essential in safeguarding the rights of individuals and organizations against various privacy-related challenges. This blog post delves into the key issues these attorneys address. Data Breaches and Cybersecurity Data breaches occur when sensitive information is accessed or disclosed […]

Read more about Understanding the Role of Internet Privacy Attorneys: Key Issues They Handle

Put Revision Legal on your side