Data breach notification laws meet the rising tide of cybercrime

A bird’s eye view of state laws mandating notification in the event of unauthorized access to personal information

Given the unrelenting onslaught of cyber attacks peppering the news, it is a good time for inside counsel to brush up on the laws designed to address data breaches. In a prior column, I discussed potential theories of civil liability for data breaches. Here, we take a bird’s eye view of state laws mandating notification in the event of unauthorized access to personal information.

Almost every state has such laws. While they vary in their specifics, the basic elements of these statutes are the same. Since we don’t have enough space to do a detailed analysis of each and every one of these statutes, we will instead review the common elements and illustrative examples. For those interested in a deeper dive, an excellent resource can be found online.

Contributing Author

author image

Adam Cohen

Adam Cohen is Managing Director at Berkley Research Group and a Certified Information Systems Security Professional (CISSP) and former practicing attorney who for more than 20 years...

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.