If you fall victim to a cyber-attack in the United States, do you know each state has different laws when it comes to a data breach?
The Definitive Guide to US State Data Breach Laws from Digital Guardian is a comprehensive report of what you can expect from all 50 states, the District of Columbia, Guam, Puerto Rico and the US Virgin Islands in the event of a cyber-attack.
State Cybersecurity Laws
Knowing the laws in each state is important because as a digital small business owner your customers can be in any one of the 50 states, or around the world for that matter. The guide from Digital Guardian shows you the laws enacted by the different states in March of 2018 as announced by the National Conference of State Legislatures (NCSL).
The legislation requires private or governmental organizations to notify individuals in the event of a security breach involving their personal identifiable information.
The guide shows existing notification requirements to individuals and regulators as well as the information covered in the legislation for the state and the penalties for each violation. It also has a rundown of pending legislation.
Not knowing the differences in all the states can leave you vulnerable to increased liability thereby jeopardizing your business and personal finances.
In the report, Digital Guardian said, “Entities that conduct business in any state must be familiar with not only federal regulations, but also individual state laws that apply to any agency or entity that collects, stores, or processes data pertaining to residents in that state.”
Digital Guardian specializes in providing solutions for protecting the data of organizations. According to the company, it has the only security platform purpose-built to stop data theft in the industry. The solution it provides can be implemented on premises, SaaS or managed service deployments.
It has been named Leader by Gartner Magic Quadrant for Enterprise Data Loss Prevention in 2017 and Forrester Wave: Endpoint Detection and Response in 2018.
What is a Breach?
Although there are some differences as to how states define a data breach, the guide says almost all of them define it as:
The Unauthorized Acquisition of Covered Information That Compromise the Security, Integrity, or Confidentiality.
Notification
When there is a breach, how and when you get notified varies greatly. While Alabama, Maryland, Ohio and others require individuals to be notified within 45 days, South Dakota allows up to 60 days and Tennessee grants up to 90 days as needed by law enforcement.
The way the notifications are delivered also vary by state, with most of them requiring a written notice along with a telephone call and electronic notices.
You can look at the infographic below for a summary of the guide. If you want the full 108 page Definitive Guide to US State Data Breach Laws from Digital Guardian you can download it here (PDF).
This is a worthwhile document to have as a reference tool.
Infographic by Digital Guardian
Image: Digital Guardian