Summary of U.S. State Data Breach Notification Statutes

Click on any of the states to see a full summary of their data breach notification statute.

Click here to view state data breach notification statutes in text format.

Davis Wright Tremaine’s Privacy & Security practice group maintains this summary of the 50 state data breach notification statutes (plus the statutes for Washington, D.C., Guam, Puerto Rico, and the U.S. Virgin Islands). The summary should help answer questions about state data breach notification requirements but it is not intended to provide legal advice, which can only be given in response to inquiries regarding particular situations.

If you have questions about data breach notification requirements, please contact one of the members of our Privacy & Security group who counsels businesses and individuals about such requirements, including Nancy Libin and Mike Borgia. If you have questions or comments about this summary, please contact DWTBreach@dwt.com.

For a complete collection of DWT’s State Data Breach Notification Summaries in PDF, please click here to download.

Please note that states may periodically amend their respective data breach notification statutes and these amendments may affect or modify any current data breach notification requirements. DWT’s State Data Breach Notification Summaries will be updated as those amendments go into effect. Please refer to the last revised date on each summary page for information on when the most recent updates have been made to the individual state summaries.