By Sam Castic
The Hintze Cybersecurity + Breach Response Group has published a new guide to U.S. state and territory data breach notification laws – the Hintze Data Breach Notice Guide accessible here.
We include in our guide an overview section with a high-level summary of the common provisions that U.S. breach notice laws contain. We also provide a set of detailed charts covering each of the 54 states and jurisdictions. We gathered our collective decades of experience working with breaches to organize these charts in a way we think is more usable in the midst of a breach crisis.
We uniquely organize the charts to reflect the steps you must typically consider when assessing what to do in response to a breach that involves personal information. By breaking these into four charts based on the phases of a breach analysis, the guide allows you to quickly access and focus on the information you need when you need it. These four charts are grouped as follows:
1. Is Notice Required? We summarize the types of personal information and incidents that are triggers for breach notice, as well as the types of exceptions that could apply.
2. How and When to Notify Individuals? We address the deadlines and methods for providing individual notifications, along with the specific details that individuals must be informed of in these notifications.
3. How and When to Notify Agencies? We identify which state agencies require notifications, along with deadlines, requirements, and contact information for these state agencies. We also summarize consumer reporting agency notification requirements.
4. What Are the Penalties? We also outline the penalties that the law prescribes for violations to help you assess risk and potential impact.
In our guide, we include the most relevant information you need in the form of direct quotes from statutes, to give you a direct, unfiltered understanding of the requirements and nuances and to facilitate analysis of the differences between the laws. We also include links directly to the relevant statutory sections so that you can quickly and easily dig deeper into specific laws and requirements.
Sam Castic is a partner with Hintze Law and co-chair of the Cybersecurity + Breach Response Group with 15 years of global privacy and cybersecurity experience. Sam counsels e-commerce, fintech, technology, telecom, social media, retail, and advertising clients from early-stage startups to the biggest global companies.
Hintze Law is a Chambers-ranked U.S. law firm that focuses exclusively on privacy and data security. Our Cybersecurity + Breach Response Group of seasoned attorneys and professionals works as trusted advisors to help clients prepare for and navigate breach responses, with an emphasis on strategic support that accounts for the business, risk, and practical considerations clients must balance.