Data Breach Notification Laws

Instructor: Martin Gibbs

Martin has 16 years experience in Human Resources Information Systems and has a PhD in Information Technology Management. He is an adjunct professor of computer science and computer programming.

Data breaches cost organizations and individuals more than money. This lesson will provide an overview of data breach notification laws, which are intended to protect individuals in the event of stolen personal information.

Data Breaches

Having your personal information stolen is a costly headache. Not only do you lose money, trust, and a sense of security, but you may also have to pay out MORE money to get your good name and credit back. For an organization, that headache is multiplied by hundreds if not thousands. A data breach can cost a US organization almost $200 per record that is stolen.

In the past several years, major organizations have made the news because they have had their data breached or stolen. From Target to Home Depot to health care organizations, the theft of large data sets usually makes national or international headlines.

Given the sensitivity of data stored by organizations (credit card numbers, social security numbers, and other personally identifiable information), there is a heightened awareness of the threat. As such, the federal government and states have enacted laws which govern how an organization must handle and communicate a data breach.

What Should Be Disclosed

What does an organization have to admit to? Companies do not have to divulge their data security secrets; they just need to protect the information they have on their customers.

The information being protected is any personally identifiable data: Social Security Number, Driver's License Number, account number, credit card number, PINs, Date of Birth, Home Address, Home Phone, passwords, and E-mail address.

Illegal access of this information is considered a breach and is to be disclosed.

Notification Laws

Like consumers, organizations can feel vulnerable and weak after a data breach. They may feel their security isn't good enough, or someone in IT made a horrible mistake (and often lose their job), or a disgruntled employee sold them out. Any of these could be true. But hackers are also becoming more and more sophisticated.

Data breach laws may expose a weakness in an organization, but remember: People still shop at Target and at Home Depot.

The notification laws are designed to protect consumers. They also put the onus on organizations to ensure better security controls and become better stewards of protected information.

Federal Law

Currently there is no federal law governing data breaches. At the time of this lesson, there is a bill in the US Congress, but it has stalled. Although Canada enacted a data breach law in 2015.

State Law

State laws are numerous; we can't hope to detail all of them here.

The first state law regarding data breaches was enacted by California in 2003. Since that time, 46 states have enacted notification requirements. States continue to modify their existing laws. Even though each state has different nuances to their laws, there are some components that are fairly consistent among the states:

To unlock this lesson you must be a Member.
Create your account

Register to view this lesson

Are you a student or a teacher?

Unlock Your Education

See for yourself why 30 million people use

Become a member and start learning now.
Become a Member  Back
What teachers are saying about
Try it risk-free for 30 days

Earning College Credit

Did you know… We have over 200 college courses that prepare you to earn credit by exam that is accepted by over 1,500 colleges and universities. You can test out of the first two years of college and save thousands off your degree. Anyone can earn credit-by-exam regardless of age or education level.

To learn more, visit our Earning Credit Page

Transferring credit to the school of your choice

Not sure what college you want to attend yet? has thousands of articles about every imaginable degree, area of study and career path that can help you find the school that's right for you.

Create an account to start this course today
Try it risk-free for 30 days!
Create an account