The Law of the Land – States Without Data Breach Laws Face Serious Problems

12 05 2010

There are currently four states in the US that lack any data breach legislation.  Alabama, Kentucky, New Mexico and South Dakota make up this list.  It is great to see that so many states are currently pursuing legislation and have legislation in place to make data breaches less dangerous for those involved.  However, with four states still lagging behind in this area, many companies are still not liable for notification because of location.  For instance, many companies that would normally have to report any sensitive data loss or breach in their business may not have to with their corporate headquarters located in these areas.

Kentucky recently suffered a data breach with the Our Lady Peace hospital compromising thousands of patients’ personal information.  The hospital did notify the patients, which was very positive in a state where it is not made mandatory.  However, it’s clear that breaches can occur anywhere and thus, everywhere needs to have some laws in place.

I’m certainly not calling out states to force companies to reveal data breaches, but when someone’s data is in the wrong hands, it’s important for them to know so that they can take the necessary action to prevent any problems.  This has nothing to do with company integrity.  This is about people who may suffer a fate of financial downfall or complete identity theft with the loss of their data.

States without data breach laws are soon to follow as their ranks shrink.  With Mississippi enacting data breach legislation this year, it is becoming apparent that data security is necessary in this increasingly data-filled world.

As we continue to discuss Data Breach Laws in our “Law of the Land” blog series, look for your own state to learn more about what laws are in place.


The Law of the Land – Data Breach Laws in the US

30 04 2010

As data security continues to become more of a priority for countries worldwide, the US has begun developing more and more legislation each day.  Most laws are state-by-state, with only a few federal laws in place.  We will be covering these state laws more in-depth in an effort to provide a better understanding for everyone.  To begin, let’s take a look at some recently passed laws in Mississippi and California.


A bill has just passed in the California Senate that will expand data breach notification laws in the state.  After already passing SB-1386 in 2003, the state is looking to expand this law.  SB-1386 requires any person, business or government agency that comprises data that is not their own to notify those who have been affected by the data breach.  Under this law, the breached person or organization does not have to reveal the amount of information affected, what was affected and various other specifics.

SB-1186 is the proposed law that would make this information necessary within the notification of those affected.    It would also require breaches of 500 or more records would need to be submitted to the state attorney general’s office.  This bill has just passed the California Senate and is awaiting deliberation in the House.  This bill has already been presented once and was vetoed by Governor Schwarzenegger.


Mississippi became the 46th state to pass data breach legislation earlier this year.  By passing House Bill 583, the state requires “any person who conducts business in this state” to notify the “owner or licensee” of the data that they manage of the breach.  This does not require any specific information to be included in the notification, but it is also the first piece of data breach legislation that the state has deliberated over.  The state allows a delay of notification if authorities believe that it will hinder a criminal investigation.

These are the two most recent states deliberating and passing data breach notification laws.  After California’s landmark SB-1386, 46 states have followed suit.  This leaves Alabama, Kentucky, New Mexico and South Dakota as the last four states without legislation.  We will be discussing the laws state by state as time goes on.  Keep an eye out for your state in the future!