For every internet user, security should be the top priority. There are countless steps to follow to ensure your data’s safety online, but cyber criminals are always lurking and will jump at any opportunity to strike. Data breaches still happen even when we have our guard up. Navigating United States data breach laws can get confusing, mostly due to a lack of nationwide data breach laws.
Individual states are responsible for setting their own data breach notification legislation and while many states have the interests of victims in mind, not all states are as quick. As the laws vary, so to does the very definition of what a data breach is, though almost all states define a data breach as the unauthorized access to covered information that compromises security, integrity, and confidentiality. Data breaches can result in stolen credit card information all the way to medical records, and in any event the victims have a right to know.
In many cases, the type of data that is snatched by criminals can seem inconsequential. After all, how much harm could a name and one password do? The real danger comes from the results of fraudulent information acquisition which makes prompt notification essential for the safety of victims. States like Alabama, New York, and Ohio take the safety of their citizens very seriously and have a high standard for breach notification requirements. On the other hand, Kansas, Pennsylvania, and Massachusetts have low standards and are slower to introduce legislation that protects victims.
Across the board, immediate notification “without unreasonable delay” is the norm, but what constitutes as an unreasonable delay depends on many factors. In data breach situations that require law enforcement investigation, it may not be made public information that such a crime even took place. Done to avoid interference with investigations, this can leave victims in the dark. Regardless of ongoing investigations, many states require notification to victims within 45 days, but some can extend up to 60 or even 90 days.
Though the laws are complicated, understanding where your state stands on the data breach spectrum is half the battle. How familiar are you with the data breach notification laws in your state? Take a look at this infographic from Digital Guardian for a primer on data breach laws, which states are strict, which states aren’t, and how you can ensure that in the event of a data breach you are notified promptly.