Summary of U.S. State Data Breach Notification Statutes
Click on any of the states to see a full summary of their data breach notification statute.
*New Mexico has enacted a new data breach notification statute which will become effective June 16, 2017. Our summary for this is forthcoming. You can read more in our blog post.
If on a mobile device, click here to view state data breach notification statutes in text format.
Davis Wright Tremaine’s Privacy & Security practice group maintains this summary of the 48 state data breach notification statutes (plus the statutes for Washington, D.C., Guam, Puerto Rico, and the U.S. Virgin Islands). The summary should help answer questions about state data breach notification requirements but it is not intended to provide legal advice, which can only be given in response to inquiries regarding particular situations.
If you have questions about data breach notification requirements, please contact one of the members of our Privacy & Security group who counsels businesses and individuals about such requirements, including Christin McMeley
and Chris Avery
. If you have questions or comments about this summary, please contact
For a complete collection of DWT’s State Data Breach Notification Summaries in PDF, please click here to download.
Please note that several states have amended their respective data breach notification statutes during the 2016 legislative session. These amendments may affect or modify any current data breach notification requirements. DWT’s State Data Breach Notification Summaries will be updated as these amendments go into effect. Please refer to the last revised date on each summary page for information on when the most recent updates have been made to individual state summaries.