Collection of Breach Notification Laws

Welcome! Please comment and leave me a note telling me what you like and what you'd like to see more of. Sign up to my RSS Feed!

In this page I have collected Information Security Breach Notification Laws from around the world.  This page is very much a work in progress.

 

USA Federal Security Breach Notification Laws and Rules

  1. HITECH Breach Notification Guidance and Request for Public Comment (From the US Department of Health and Human Services, PDF)
  2. Federal Trade Commission’s Health Breach Notification FINAL Rule (PDF)

US State Security Breach Notification Laws and Rules

  1. Alaska
    1. Personal Information Protection Act (HB 65, PDF)
  2. Arizona
    1. Breach Notification Law
  3. Arkansas
    1. Personal Information Protection Act (AR-PIPA)
    2. Breach Notification Law (Within the above)
  4. California
    1. Confidential of Medical Information Act
    2. Security Breach Notice Law of 2012
  5. Colorado
    1. Breach Notification Law
  6. Connecticut
    1. Breach Notification Law
  7. Delaware
    1. Breach Notification Law
  8. Florida
    1. Breach Notification Law
  9. Georgia
    1. Breach Notification Law
  10. Hawaii
    1. Breach Notification Law
  11. Idaho
    1. Breach Notification Law
  12. Illinois
    1. Personal Information Protection Act
  13. Indiana
    1. Indiana Public Law 137 (HB 1121):  ID Theft and Breach Notification
    2. Breach Notification Law 24.4.9
  14. Iowa
    1. Breach Notification Law
  15. Kansas
    1. Protection of Consumer Information Law
  16. Louisiana
    1. Database Security Breach Notification Law (select “Next Section” to see all of the law’s provisions)
  17. Maine
    1. Notice of Risk to Personal Data Law (Including Breach Notification Law)
    2. Maine Public Law 161, modifying Breach Notification Law
  18. Maryland
    1. Security Breach Law (14-3504)
  19. Massachusetts
    1. Breach Notification Law (201 CMR 17:00)
  20. Michigan
    1. Identity Theft Protection Act (Act 459)
  21. Minnesota
    1. Breach Disclosure Law
  22. Missouri
    1. Breach Notification Law (HB 62)
  23. Montana
    1. Breach Notification Law (resulting from breach of insurance – related databases)
    2. Impediment of Identity Theft Law(Including Security Breach)
  24. Nebraska
    1. Breach of Security Law (87-803)
  25. Nevada
    1. Security of Personal Information (603A)
  26. New Hampshire
    1. Notification Of Security Breach Required (359-C:20)
  27. New Jersey
    1. Breach Notification Law
  28. New York
    1. Breach Notification Law
  29. North Carolina
    1. Identity Theft Protection Act (75-2a)
  30. North Dakota
    1. Notice of Security Breach to Personal Information Law (PDF)
  31. Ohio
    1. Private Disclosure of Security Breach of Computerized Personal Information Data
  32. Oklahoma
    1. Security Breach Notification Act (PDF)
  33. Oregon
    1. Oregon Consumer Identity Theft Protection Act (Breach Notification)
  34. Pennsylvania
    1. Breach of Personal Information Notification Act (SB712, 73.2301)
  35. Rhode Island
    1. Identity Theft Protection
  36. South Carolina
    1. Breach Notification Law § 39-1-90
  37. Texas
    1. HB 2004 (of 2009) – Security Breach Notification Law
  38. Utah
    1. Office of the Attorney General, Identity Theft Reporting System (IRIS)
    2. Consumer Credit Protection Act (SB69)
    3. Disclosure of System Security Breach (13-44-202)
  39. Vermont
    1. Protection of Personal Information (Including Breach)
  40. Virginia
    1. Breach Notification Law (HB 1469 / SB 307)
  41. Virgin Islands (including Saint Croix, Saint John, Saint Thomas, Water Island)
    1. Disclosure of Breach of Security (2208, 2209)
  42. Washington
    1. Personal Information – Notice of Security Breaches 19.255
  43. Washington DC
    1. Consumer Security Breach Notification (PDF)
  44. West Virginia
    1. Breach of Security of Consumer Information
  45. Wisconsin
    1. Wisconsin Office of Privacy Protection
    2. Notice of Unauthorized Acquisition of Personal information (This is a PDF of the entire 134 Chapter. Look for section 98)
  46. Wyoming
    1. Consumer Protection Act (SF53 PDF)

 

International Breach Laws

 

  1. Guernsey / Bailliage de Guernesey (UK Protectorate, not a part of the EU)
    1. Data Protection Commissioner
      1. Notification Exemption Self-Assessment Guide
      2. Breach Notification Handbook (PDF)
  2. Ireland / Éire (Member EU, OECD, CE, Schengen (only partially implamented))
    1. Data Protection Commissioner
      1. Breach Notification Guidelines

 

 

One thought on “Collection of Breach Notification Laws

Comments are closed.